{"mozilla": [{"lastseen": "2021-12-29T14:15:12", "description": "WebKit developer Alexey Proskuryakov reported that the Mozilla HTML parser treated the backspace character as whitespace contrary to the HTML specification and different from other browsers. This difference might lead to Cross-site Scripting (XSS) risks on sites which filtered input in accordance with the specification.\n", "cvss3": {}, "published": "2008-03-25T00:00:00", "type": "mozilla", "title": "Multiple XSS vulnerabilities from character encoding \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0416"], "modified": "2008-03-25T00:00:00", "id": "MFSA2008-13", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-13/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T11:36:45", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) \"zero-length non-ASCII sequences\" in certain Asian character sets.", "cvss3": {}, "published": "2008-02-12T03:00:00", "type": "cve", "title": "CVE-2008-0416", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": 
true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0416"], "modified": "2018-10-03T21:53:00", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:seamonkey:1.1.7"], "id": "CVE-2008-0416", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0416", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:25", "description": "Mozilla Foundation Security Advisory 2008-13\r\n\r\nTitle: Multiple XSS vulnerabilities from character encoding\r\nImpact: Moderate\r\nAnnounced: March 25, 2008\r\nReporter: Alexey Proskuryakov, Yosuke Hasegawa, Simon Montagu\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 2.0.0.12\r\n Thunderbird 2.0.0.12\r\n SeaMonkey 1.1.8\r\nDescription\r\n\r\nWebKit developer Alexey Proskuryakov reported that the Mozilla HTML parser treated the backspace character as whitespace contrary to the HTML specification and different from other browsers. This difference might lead to Cross-site Scripting (XSS) risks on sites which filtered input in accordance with the specification.\r\n\r\nYosuke Hasegawa reported a flaw in the way Mozilla parses the control character 0x80 under Shift_JIS encoding. This flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard. 
While investigating, Mozilla developer Simon Montagu discovered several variants of this flaw involving zero-length non-ASCII sequences in ISO-2022-JP, ISO-2022-CN, ISO-2022-KR, and HZ-GB-2312.\r\n\r\nThese flaws were fixed in and prior to Firefox 2.0.0.12 but the announcement was held until other browser vendors could fix related flaws.\r\nWorkaround\r\n\r\nDisable JavaScript until a version containing these fixes can be installed. Although the flaw is in the parser, the main risk is using these flaws to construct a XSS attack which requires scripting to be enabled.\r\nReferences\r\n\r\n * Character encoding XSS bugs\r\n * CVE-2008-0416\r\n", "edition": 1, "cvss3": {}, "published": "2008-03-26T00:00:00", "title": "Mozilla Foundation Security Advisory 2008-13", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-0416"], "modified": "2008-03-26T00:00:00", "id": "SECURITYVULNS:DOC:19515", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19515", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:56:45", "description": "JavaScript privilege escalation and code execution, cross-site scripting, multiple DoS conditions, URI and dialogs spoofing, local ports access from Java, privacy problems on SSL authentication.", "edition": 2, "cvss3": {}, "published": "2008-03-28T00:00:00", "title": "Mozilla Firefox / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2008-03-28T00:00:00", "id": "SECURITYVULNS:VULN:8838", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8838", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], 
"ubuntucve": [{"lastseen": "2022-08-04T14:42:59", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox\nbefore 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8\nallow remote attackers to inject arbitrary web script or HTML via certain\ncharacter encodings, including (1) a backspace character that is treated as\nwhitespace, (2) 0x80 with Shift_JIS encoding, and (3) \"zero-length\nnon-ASCII sequences\" in certain Asian character sets.", "cvss3": {}, "published": "2008-02-12T00:00:00", "type": "ubuntucve", "title": "CVE-2008-0416", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0416"], "modified": "2008-02-12T00:00:00", "id": "UB:CVE-2008-0416", "href": "https://ubuntu.com/security/CVE-2008-0416", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-10-18T14:24:12", "description": "The installed version of Thunderbird is affected by various security issues :\n\n - Several stability bugs exist leading to crashes which, in some cases, show traces of memory corruption.\n\n - Several issues exist that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, cross-site scripting, and/or remote code execution.\n\n - A directory traversal vulnerability exists via the 'chrome:' URI.\n\n - A heap-based buffer overflow exists that can be triggered when viewing an email with an external MIME body.\n\n - Multiple cross-site scripting 
vulnerabilities exist related to character encoding.", "cvss3": {"score": null, "vector": null}, "published": "2008-02-27T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 2.0.0.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0418"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_20012.NASL", "href": "https://www.tenable.com/plugins/nessus/31193", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(31193);\n script_version(\"1.23\");\n\n script_cve_id(\n \"CVE-2008-0304\", \n \"CVE-2008-0412\", \n \"CVE-2008-0413\",\n \"CVE-2008-0415\", \n \"CVE-2008-0416\", \n \"CVE-2008-0418\"\n );\n script_bugtraq_id(27406, 27683, 28012, 29303);\n\n script_name(english:\"Mozilla Thunderbird < 2.0.0.12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The installed version of Thunderbird is affected by various security\nissues :\n\n - Several stability bugs exist leading to crashes which, in\n some cases, show traces of memory corruption.\n\n - Several issues exist that allow scripts from page\n content to escape from their sandboxed context and/or\n run with chrome privileges, resulting in privilege\n escalation, cross-site scripting, and/or remote code\n execution.\n\n - A directory traversal vulnerability exists via the\n 'chrome:' URI.\n\n - A heap-based buffer overflow exists that can be\n triggered when viewing an email with an external MIME\n body.\n\n - Multiple cross-site scripting vulnerabilities\n exist related to character encoding.\" );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-01/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-03/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-05/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-12/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-13/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Mozilla Thunderbird 2.0.0.12 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 119, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/02/07\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, 
\"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'2.0.0.12', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:48", "description": "Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws in Firefox's character encoding handling. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-0416)\n\nVarious flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious web page, an attacker could escalate privileges within the browser, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges.\n(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Firefox which could lead to crashes and memory corruption. If a user were tricked into opening a malicious web page, an attacker may be able to execute arbitrary code with the user's privileges. (CVE-2008-1236, CVE-2008-1237)\n\nGregory Fleischer discovered Firefox did not properly process HTTP Referrer headers when they were sent with requests to URLs containing Basic Authentication credentials with empty usernames. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. (CVE-2008-1238)\n\nPeter Brodersen and Alexander Klink reported that the default setting in Firefox for SSL Client Authentication allowed for users to be tracked via their client certificate. The default has been changed to prompt the user each time a website requests a client certificate.\n(CVE-2007-4879)\n\nGregory Fleischer discovered that web content fetched via the jar protocol could use Java LiveConnect to connect to arbitrary ports on the user's machine due to improper parsing in the Java plugin. 
If a user were tricked into opening malicious web content, an attacker may be able to access services running on the user's machine.\n(CVE-2008-1195, CVE-2008-1240)\n\nChris Thomas discovered that Firefox would allow an XUL popup from an unselected tab to display in front of the selected tab. An attacker could exploit this behavior to spoof a login prompt and steal the user's credentials. (CVE-2008-1241).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-592-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-0416", "CVE-2008-1195", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:libnspr-dev", "p-cpe:/a:canonical:ubuntu_linux:libnspr4", "p-cpe:/a:canonical:ubuntu_linux:libnss-dev", "p-cpe:/a:canonical:ubuntu_linux:libnss3", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:7.04", 
"cpe:/o:canonical:ubuntu_linux:7.10"], "id": "UBUNTU_USN-592-1.NASL", "href": "https://www.tenable.com/plugins/nessus/31700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-592-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31700);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0416\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_xref(name:\"USN\", value:\"592-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-592-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered\nflaws in Firefox's character encoding handling. If a user were tricked\ninto opening a malicious web page, an attacker could perform\ncross-site scripting attacks. (CVE-2008-0416)\n\nVarious flaws were discovered in the JavaScript engine. 
By tricking a\nuser into opening a malicious web page, an attacker could escalate\nprivileges within the browser, perform cross-site scripting attacks\nand/or execute arbitrary code with the user's privileges.\n(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Firefox which could lead to\ncrashes and memory corruption. If a user were tricked into opening a\nmalicious web page, an attacker may be able to execute arbitrary code\nwith the user's privileges. (CVE-2008-1236, CVE-2008-1237)\n\nGregory Fleischer discovered Firefox did not properly process HTTP\nReferrer headers when they were sent with requests to URLs\ncontaining Basic Authentication credentials with empty usernames. An\nattacker could exploit this vulnerability to perform cross-site\nrequest forgery attacks. (CVE-2008-1238)\n\nPeter Brodersen and Alexander Klink reported that the default setting\nin Firefox for SSL Client Authentication allowed for users to be\ntracked via their client certificate. The default has been changed to\nprompt the user each time a website requests a client certificate.\n(CVE-2007-4879)\n\nGregory Fleischer discovered that web content fetched via the jar\nprotocol could use Java LiveConnect to connect to arbitrary ports on\nthe user's machine due to improper parsing in the Java plugin. If a\nuser were tricked into opening malicious web content, an attacker may\nbe able to access services running on the user's machine.\n(CVE-2008-1195, CVE-2008-1240)\n\nChris Thomas discovered that Firefox would allow an XUL popup from an\nunselected tab to display in front of the selected tab. An attacker\ncould exploit this behavior to spoof a login prompt and steal the\nuser's credentials. (CVE-2008-1241).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/592-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79, 94, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dbg\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dom-inspector\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-gnome-support\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr4\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss3\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-firefox\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dev\", 
pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr4\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss3\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dev\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-libthai\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif 
(ubuntu_check(osver:\"7.04\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnspr4\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnss-dev\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnss3\", pkgver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-dev\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-libthai\", pkgver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-dbg / firefox-dev / 
firefox-dom-inspector / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:26", "description": "The installed version of SeaMonkey is affected by various security issues :\n\n - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption\n\n - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known.\n\n - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution.\n\n - A directory traversal vulnerability via the 'chrome:' URI.\n\n - A vulnerability involving 'designMode' frames that may result in web browsing history and forward navigation stealing.\n\n - An information disclosure issue in the BMP decoder.\n\n - Mis-handling of locally-saved plaintext files.\n\n - Possible disclosure of sensitive URL parameters, such as session tokens, via the .href property of stylesheet DOM nodes reflecting the final URI of the stylesheet after following any 302 redirects.\n\n - A heap-based buffer overflow that can be triggered when viewing an email with an external MIME body.\n\n - Multiple cross-site scripting vulnerabilities related to character encoding.", "cvss3": {"score": null, "vector": null}, "published": "2008-02-08T00:00:00", "type": "nessus", "title": "SeaMonkey < 1.1.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0592", "CVE-2008-0593"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:mozilla:seamonkey"], "id": "SEAMONKEY_118.NASL", "href": "https://www.tenable.com/plugins/nessus/30210", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(30210);\n script_version(\"1.21\");\n\n script_cve_id(\"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\",\n \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0418\", \"CVE-2008-0419\",\n \"CVE-2008-0420\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_bugtraq_id(27406, 27683, 27826, 28012, 29303);\n\n script_name(english:\"SeaMonkey < 1.1.8 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser on the remote host is affected by multiple\nvulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of SeaMonkey is affected by various security\nissues :\n\n - Several stability bugs leading to crashes which, in\n some cases, show traces of memory corruption\n\n - Several file input focus stealing vulnerabilities\n that could result in uploading of arbitrary files\n provided their full path and file names are known.\n\n - Several issues that allow scripts from page content\n to escape from their sandboxed context and/or run\n with chrome privileges, resulting in privilege\n escalation, XSS, and/or remote code execution.\n\n - A directory traversal vulnerability via the\n 'chrome:' URI.\n\n - A vulnerability involving 'designMode' frames that\n may result in web browsing history and forward\n navigation stealing.\n\n - An information disclosure issue in the BMP\n decoder.\n\n - Mis-handling of locally-saved plaintext files.\n\n - Possible disclosure of sensitive URL parameters,\n such as session tokens, via the .href property of\n stylesheet DOM nodes reflecting the final URI of\n the stylesheet after following any 302 redirects.\n\n - A heap-based buffer overflow that can be triggered\n when viewing an email with an external MIME\n body.\n\n - Multiple cross-site scripting vulnerabilities\n related to character encoding.\" );\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-01/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-02/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-03/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-05/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-06/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-07/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-09/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-10/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-12/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-13/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SeaMonkey 1.1.8 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 119, 200, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/02/08\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\nscript_end_attributes();\n\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.8', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:51", "description": "From Red Hat Security Advisory 2008:0103 :\n\nUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. 
Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', Firefox will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : firefox (ELSA-2008-0103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "p-cpe:/a:oracle:linux:firefox-devel", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2008-0103.NASL", "href": "https://www.tenable.com/plugins/nessus/67647", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0103 and \n# Oracle Linux Security Advisory ELSA-2008-0103 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67647);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_bugtraq_id(24293, 27406, 27683);\n script_xref(name:\"RHSA\", value:\"2008:0103\");\n\n 
script_name(english:\"Oracle Linux 4 / 5 : firefox (ELSA-2008-0103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0103 :\n\nUpdated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain\nmalformed web content. A webpage containing malicious content could\ncause Firefox to crash, or potentially execute arbitrary code as the\nuser running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a\nuser has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. 
If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nFirefox will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of firefox are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-February/000508.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-February/000509.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"firefox-1.5.0.12-0.10.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"firefox-1.5.0.12-0.10.el4.0.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"firefox-1.5.0.12-9.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"firefox-devel-1.5.0.12-9.el5.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:32", "description": "Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. 
If a website offers a file of type 'plain/text', rather than 'text/plain', Firefox will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : firefox (CESA-2008:0103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "p-cpe:/a:centos:centos:firefox-devel", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0103.NASL", "href": "https://www.tenable.com/plugins/nessus/30220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0103 and \n# CentOS Errata and Security Advisory 2008:0103 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30220);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_bugtraq_id(24293, 27406, 27683);\n script_xref(name:\"RHSA\", value:\"2008:0103\");\n\n script_name(english:\"CentOS 4 / 5 : firefox (CESA-2008:0103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain\nmalformed web content. A webpage containing malicious content could\ncause Firefox to crash, or potentially execute arbitrary code as the\nuser running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a\nuser has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. 
If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nFirefox will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of firefox are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-February/014663.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6964e64\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-February/014664.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97b58275\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-February/014669.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe0b320f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-February/014670.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?216e4c50\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-February/014675.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36284eef\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"firefox-1.5.0.12-0.10.el4.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-1.5.0.12-9.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-devel-1.5.0.12-9.el5.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:38", "description": "Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. 
If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', Firefox will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : firefox (RHSA-2008:0103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.6", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.1"], "id": "REDHAT-RHSA-2008-0103.NASL", "href": "https://www.tenable.com/plugins/nessus/30245", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0103. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30245);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_bugtraq_id(24293, 27406, 27683);\n script_xref(name:\"RHSA\", value:\"2008:0103\");\n\n script_name(english:\"RHEL 4 / 5 : firefox (RHSA-2008:0103)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nMozilla Firefox is an open source Web browser.\n\nSeveral flaws were found in the way Firefox processed certain\nmalformed web content. A webpage containing malicious content could\ncause Firefox to crash, or potentially execute arbitrary code as the\nuser running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way Firefox displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way Firefox stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. 
(CVE-2008-0417)\n\nA flaw was found in the way Firefox handles certain chrome URLs. If a\nuser has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of Firefox. (CVE-2008-0418)\n\nA flaw was found in the way Firefox saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nFirefox will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of firefox are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2008-0593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0103\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0103\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"firefox-1.5.0.12-0.10.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-1.5.0.12-9.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-devel-1.5.0.12-9.el5\")) flag++;\n\n\n if (flag)\n {\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-devel\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:44", "description": "The installed version of SeaMonkey is affected by various security issues :\n - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.\n - Several stability bugs leading to crashes that, in some cases, show traces of memory corruption.\n - An HTTP Referer spoofing issue with malformed URLs.\n - A privacy issue with SSL client authentication.\n - Web content fetched via the 'jar:' protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the localhost.\n - It is possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user's browser.", "cvss3": {"score": 4.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "SeaMonkey < 1.1.9 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0416", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1241", "CVE-2007-4879", "CVE-2008-1195", "CVE-2008-1240"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*"], "id": "4448.PRM", "href": "https://www.tenable.com/plugins/nnm/4448", "sourceData": "Binary data 4448.prm", "cvss": {"score": 5.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T13:11:32", "description": "Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. 
The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov, 'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann' discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-0414 'hong' and Gregory Fleischer discovered that file input focus vulnerabilities in the file upload control could allow information disclosure of local files.\n\n - CVE-2008-0415 'moz_bug_r_a4' and Boris Zbarsky discovered several vulnerabilities in JavaScript handling, which could allow privilege escalation.\n\n - CVE-2008-0417 Justin Dolske discovered that the password storage mechanism could be abused by malicious websites to corrupt existing saved passwords.\n\n - CVE-2008-0418 Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure.\n\n - CVE-2008-0419 David Bloom discovered a race condition in the image handling of designMode elements, which could lead to information disclosure or potentially the execution of arbitrary code.\n\n - CVE-2008-0591 Michal Zalewski discovered that timers protecting security-sensitive dialogs (which disable dialog elements until a timeout is reached) could be bypassed by window focus changes through JavaScript.\n\n - CVE-2008-0592 It was discovered that malformed content declarations of saved attachments could prevent a user from opening local files with a '.txt' file name, resulting in minor denial of service.\n\n - CVE-2008-0593 Martin Straka discovered that insecure stylesheet handling during redirects could lead to information disclosure.\n\n - CVE-2008-0594 Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing protections could 
be bypassed with <div> elements.", "cvss3": {"score": null, "vector": null}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "Debian DSA-1484-1 : xulrunner - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xulrunner", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1484.NASL", "href": "https://www.tenable.com/plugins/nessus/30224", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1484. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30224);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_bugtraq_id(27406, 27683);\n script_xref(name:\"DSA\", value:\"1484\");\n\n script_name(english:\"Debian DSA-1484-1 : xulrunner - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. 
The Common Vulnerabilities\nand Exposures project identifies the following problems :\n\n - CVE-2008-0412\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats\n Palmgren and Paul Nickerson discovered crashes in the\n layout engine, which might allow the execution of\n arbitrary code.\n\n - CVE-2008-0413\n Carsten Book, Wesley Garland, Igor Bukanov,\n 'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann'\n discovered crashes in the JavaScript engine, which might\n allow the execution of arbitrary code.\n\n - CVE-2008-0414\n 'hong' and Gregory Fleischer discovered that file input\n focus vulnerabilities in the file upload control could\n allow information disclosure of local files.\n\n - CVE-2008-0415\n 'moz_bug_r_a4' and Boris Zbarsky discovered several\n vulnerabilities in JavaScript handling, which could\n allow privilege escalation.\n\n - CVE-2008-0417\n Justin Dolske discovered that the password storage\n mechanism could be abused by malicious websites to\n corrupt existing saved passwords.\n\n - CVE-2008-0418\n Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a\n directory traversal vulnerability in chrome: URI\n handling could lead to information disclosure.\n\n - CVE-2008-0419\n David Bloom discovered a race condition in the image\n handling of designMode elements, which could lead to\n information disclosure or potentially the execution of\n arbitrary code.\n\n - CVE-2008-0591\n Michal Zalewski discovered that timers protecting\n security-sensitive dialogs (which disable dialog\n elements until a timeout is reached) could be bypassed\n by window focus changes through JavaScript.\n\n - CVE-2008-0592\n It was discovered that malformed content declarations of\n saved attachments could prevent a user from opening\n local files with a '.txt' file name, resulting in minor\n denial of service.\n\n - CVE-2008-0593\n Martin Straka discovered that insecure stylesheet\n handling during redirects could lead to information\n disclosure.\n\n - CVE-2008-0594\n Emil 
Ljungdahl and Lars-Olof Moilanen discovered that\n phishing protections could be bypassed with <div>\n elements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1484\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xulrunner packages.\n\nThe old stable distribution (sarge) doesn't contain xulrunner.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080131b-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libmozillainterfaces-java\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmozjs-dev\", reference:\"1.8.0.15~pre080131a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmozjs0d\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmozjs0d-dbg\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnspr4-0d\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif 
(deb_check(release:\"4.0\", prefix:\"libnspr4-0d-dbg\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnspr4-dev\", reference:\"1.8.0.15~pre080131a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-0d\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-0d-dbg\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-dev\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libnss3-tools\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libsmjs-dev\", reference:\"1.8.0.15~pre080131a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libsmjs1\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul-common\", reference:\"1.8.0.15~pre080131a-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul-dev\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul0d\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxul0d-dbg\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python-xpcom\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"spidermonkey-bin\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xulrunner\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xulrunner-gnome-support\", reference:\"1.8.0.15~pre080131b-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2021-08-19T13:11:38", "description": "Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov, 'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann' discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-0414 'hong' and Gregory Fleischer discovered that file input focus vulnerabilities in the file upload control could allow information disclosure of local files.\n\n - CVE-2008-0415 'moz_bug_r_a4' and Boris Zbarsky discovered several vulnerabilities in JavaScript handling, which could allow privilege escalation.\n\n - CVE-2008-0417 Justin Dolske discovered that the password storage mechanism could be abused by malicious websites to corrupt existing saved passwords.\n\n - CVE-2008-0418 Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure.\n\n - CVE-2008-0419 David Bloom discovered a race condition in the image handling of designMode elements, which can lead to information disclosure and potentially the execution of arbitrary code.\n\n - CVE-2008-0591 Michal Zalewski discovered that timers protecting security-sensitive dialogs (by disabling dialog elements until a timeout is reached) could be bypassed by window focus changes through JavaScript.\n\n - CVE-2008-0592 It was discovered that malformed content declarations of saved attachments could prevent a user from opening local files with a '.txt' file name, resulting in minor denial of service.\n\n - CVE-2008-0593 Martin Straka discovered that insecure stylesheet 
handling during redirects could lead to information disclosure.\n\n - CVE-2008-0594 Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing protections could be bypassed with <div> elements.\n\nThe Mozilla products from the old stable distribution (sarge) are no longer supported with security updates.", "cvss3": {"score": null, "vector": null}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "Debian DSA-1489-1 : iceweasel - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:iceweasel", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1489.NASL", "href": "https://www.tenable.com/plugins/nessus/30228", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1489. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30228);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_bugtraq_id(27406, 27683);\n script_xref(name:\"DSA\", value:\"1489\");\n\n script_name(english:\"Debian DSA-1489-1 : iceweasel - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. 
The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0412\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats\n Palmgren and Paul Nickerson discovered crashes in the\n layout engine, which might allow the execution of\n arbitrary code.\n\n - CVE-2008-0413\n Carsten Book, Wesley Garland, Igor Bukanov,\n 'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann'\n discovered crashes in the JavaScript engine, which might\n allow the execution of arbitrary code.\n\n - CVE-2008-0414\n 'hong' and Gregory Fleischer discovered that file input\n focus vulnerabilities in the file upload control could\n allow information disclosure of local files.\n\n - CVE-2008-0415\n 'moz_bug_r_a4' and Boris Zbarsky discovered several\n vulnerabilities in JavaScript handling, which could\n allow privilege escalation.\n\n - CVE-2008-0417\n Justin Dolske discovered that the password storage\n mechanism could be abused by malicious websites to\n corrupt existing saved passwords.\n\n - CVE-2008-0418\n Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a\n directory traversal vulnerability in chrome: URI\n handling could lead to information disclosure.\n\n - CVE-2008-0419\n David Bloom discovered a race condition in the image\n handling of designMode elements, which can lead to\n information disclosure and potentially the execution of\n arbitrary code.\n\n - CVE-2008-0591\n Michal Zalewski discovered that timers protecting\n security-sensitive dialogs (by disabling dialog elements\n until a timeout is reached) could be bypassed by window\n focus changes through JavaScript.\n\n - CVE-2008-0592\n It was discovered that malformed content declarations of\n saved attachments could prevent a user from opening\n local files with a '.txt' file name, resulting in minor\n denial of service.\n\n - CVE-2008-0593\n Martin Straka discovered that insecure stylesheet\n handling during redirects could lead to information\n disclosure.\n\n - CVE-2008-0594\n Emil 
Ljungdahl and Lars-Olof Moilanen discovered that\n phishing protections could be bypassed with <div>\n elements.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1489\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.12-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"firefox\", reference:\"2.0.0.12-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"firefox-dom-inspector\", reference:\"2.0.0.12-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"firefox-gnome-support\", reference:\"2.0.0.12-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel\", reference:\"2.0.0.12-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-dbg\", reference:\"2.0.0.12-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-dom-inspector\", 
reference:\"2.0.0.12-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"iceweasel-gnome-support\", reference:\"2.0.0.12-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox\", reference:\"2.0.0.12-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox-dom-inspector\", reference:\"2.0.0.12-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-firefox-gnome-support\", reference:\"2.0.0.12-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:13", "description": "The installed version of Firefox is affected by various security issues :\n\n - Several stability bugs leading to crashes that, in some cases, show traces of memory corruption\n - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known.\n - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS and/or remote code execution.\n - An issue that could allow a malicious site to inject newlines into the application's password store when a user saves his password, resulting in corruption of saved passwords for other sites.\n - A directory traversal vulnerability via the 'chrome:' URI.\n - A vulnerability involving 'designMode' frames that may result in web browsing history and forward navigation stealing.\n - A file action dialog tampering vulnerability involving timer-enabled security dialogs.\n - Mis-handling of locally-saved plain text files.\n - Possible disclosure of sensitive URL parameters, such as session tokens, via the .href property of stylesheet DOM nodes reflecting the final URI of the stylesheet after 
following any 302 redirects.\n - A failure to display a web forgery warning dialog in cases where the entire contents of a page are enclosed in a '<div>' tag with absolute positioning.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2008-02-08T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 2.0.0.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0414", "CVE-2008-0594"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "id": "4365.PRM", "href": "https://www.tenable.com/plugins/nnm/4365", "sourceData": "Binary data 4365.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:11:20", "description": "Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. 
The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov, 'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann' discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.\n\n - CVE-2008-0415 'moz_bug_r_a4' and Boris Zbarsky discovered several vulnerabilities in JavaScript handling, which could allow privilege escalation.\n\n - CVE-2008-0418 Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure.\n\n - CVE-2008-0419 David Bloom discovered a race condition in the image handling of designMode elements, which can lead to information disclosure and potentially the execution of arbitrary code.\n\n - CVE-2008-0591 Michal Zalewski discovered that timers protecting security-sensitive dialogs (by disabling dialog elements until a timeout is reached) could be bypassed by window focus changes through JavaScript.\n\nThe Mozilla products from the old stable distribution (sarge) are no longer supported with security updates.", "cvss3": {"score": null, "vector": null}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "Debian DSA-1485-2 : icedove - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icedove", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1485.NASL", "href": "https://www.tenable.com/plugins/nessus/30225", "sourceData": "#%NASL_MIN_LEVEL 
70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1485. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30225);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_bugtraq_id(27406, 27683);\n script_xref(name:\"DSA\", value:\"1485\");\n\n script_name(english:\"Debian DSA-1485-2 : icedove - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird client. 
The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-0412\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats\n Palmgren and Paul Nickerson discovered crashes in the\n layout engine, which might allow the execution of\n arbitrary code.\n\n - CVE-2008-0413\n Carsten Book, Wesley Garland, Igor Bukanov,\n 'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann'\n discovered crashes in the JavaScript engine, which might\n allow the execution of arbitrary code.\n\n - CVE-2008-0415\n 'moz_bug_r_a4' and Boris Zbarsky discovered several\n vulnerabilities in JavaScript handling, which could\n allow privilege escalation.\n\n - CVE-2008-0418\n Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a\n directory traversal vulnerability in chrome: URI\n handling could lead to information disclosure.\n\n - CVE-2008-0419\n David Bloom discovered a race condition in the image\n handling of designMode elements, which can lead to\n information disclosure and potentially the execution of\n arbitrary code.\n\n - CVE-2008-0591\n Michal Zalewski discovered that timers protecting\n security-sensitive dialogs (by disabling dialog elements\n until a timeout is reached) could be bypassed by window\n focus changes through JavaScript.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2008-0419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1485\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1-0etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"icedove\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-dbg\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-dev\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-gnome-support\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-inspector\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"icedove-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird\", reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-dev\", reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-inspector\", reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"mozilla-thunderbird-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-dbg\", 
reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-dev\", reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-gnome-support\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-inspector\", reference:\"1.5.0.13+1.5.0.15a.dfsg1-0etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"thunderbird-typeaheadfind\", reference:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:13", "description": "The installed version of Thunderbird is missing a critical patch. The vendor has released a patch that addresses a number of remote vulnerabilities. ", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2008-02-08T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 2.0.0.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0414", "CVE-2008-0594"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"], "id": "4367.PRM", "href": "https://www.tenable.com/plugins/nnm/4367", "sourceData": "Binary data 4367.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:54:35", "description": "From Red Hat Security Advisory 2008:0104 :\n\nUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical 
security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n\nSeveral flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n\nA flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418)\n\nA flaw was found in the way SeaMonkey saves certain text files. 
If a website offers a file of type 'plain/text', rather than 'text/plain', SeaMonkey will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of SeaMonkey are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:seamonkey", "p-cpe:/a:oracle:linux:seamonkey-chat", "p-cpe:/a:oracle:linux:seamonkey-devel", "p-cpe:/a:oracle:linux:seamonkey-dom-inspector", "p-cpe:/a:oracle:linux:seamonkey-js-debugger", "p-cpe:/a:oracle:linux:seamonkey-mail", "p-cpe:/a:oracle:linux:seamonkey-nspr", "p-cpe:/a:oracle:linux:seamonkey-nspr-devel", "p-cpe:/a:oracle:linux:seamonkey-nss", "p-cpe:/a:oracle:linux:seamonkey-nss-devel", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2008-0104.NASL", "href": "https://www.tenable.com/plugins/nessus/67648", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0104 and \n# Oracle Linux Security Advisory ELSA-2008-0104 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67648);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", 
\"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_bugtraq_id(24293, 27406, 27683);\n script_xref(name:\"RHSA\", value:\"2008:0104\");\n\n script_name(english:\"Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0104 :\n\nUpdated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain\nmalformed web content. A webpage containing malicious content could\ncause SeaMonkey to crash, or potentially execute arbitrary code as the\nuser running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way SeaMonkey displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way SeaMonkey stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If\na user has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. 
Note: this flaw does not\naffect a default installation of SeaMonkey. (CVE-2008-0418)\n\nA flaw was found in the way SeaMonkey saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nSeaMonkey will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of SeaMonkey are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-February/000507.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-February/000510.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 94, 119, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", 
reference:\"seamonkey-nspr-devel-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.9.el3.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-0.9.el3.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-chat-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-devel-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-dom-inspector-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-js-debugger-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-mail-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", 
reference:\"seamonkey-nspr-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nspr-devel-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nss-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-9.el4.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"seamonkey-nss-devel-1.0.9-9.el4.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:44", "description": "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n\nSeveral flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. 
(CVE-2008-0591, CVE-2008-0593)\n\nA flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418)\n\nA flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', SeaMonkey will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of SeaMonkey are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 : seamonkey (CESA-2008:0104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:seamonkey", "p-cpe:/a:centos:centos:seamonkey-chat", "p-cpe:/a:centos:centos:seamonkey-devel", "p-cpe:/a:centos:centos:seamonkey-dom-inspector", "p-cpe:/a:centos:centos:seamonkey-js-debugger", "p-cpe:/a:centos:centos:seamonkey-mail", "p-cpe:/a:centos:centos:seamonkey-nspr", "p-cpe:/a:centos:centos:seamonkey-nspr-devel", "p-cpe:/a:centos:centos:seamonkey-nss", "p-cpe:/a:centos:centos:seamonkey-nss-devel", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2008-0104.NASL", "href": 
"https://www.tenable.com/plugins/nessus/30221", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0104 and \n# CentOS Errata and Security Advisory 2008:0104 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30221);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_bugtraq_id(24293, 27406, 27683);\n script_xref(name:\"RHSA\", value:\"2008:0104\");\n\n script_name(english:\"CentOS 3 / 4 : seamonkey (CESA-2008:0104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain\nmalformed web content. A webpage containing malicious content could\ncause SeaMonkey to crash, or potentially execute arbitrary code as the\nuser running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way SeaMonkey displayed malformed web\ncontent. 
A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. (CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way SeaMonkey stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If\na user has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of SeaMonkey. (CVE-2008-0418)\n\nA flaw was found in the way SeaMonkey saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nSeaMonkey will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of SeaMonkey are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-February/014661.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b615239\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-February/014662.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43cc2832\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-February/014667.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2634875c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-February/014668.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?212996e0\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-February/014673.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?15f721aa\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-February/014674.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ecf7b57f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 94, 119, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2008/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-1.0.9-0.9.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-chat-1.0.9-0.9.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-devel-1.0.9-0.9.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-dom-inspector-1.0.9-0.9.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-js-debugger-1.0.9-0.9.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-mail-1.0.9-0.9.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-1.0.9-0.9.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nspr-devel-1.0.9-0.9.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-1.0.9-0.9.el3.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"seamonkey-nss-devel-1.0.9-0.9.el3.centos3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-1.0.9-9.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-chat-1.0.9-9.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-devel-1.0.9-9.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-dom-inspector-1.0.9-9.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-js-debugger-1.0.9-9.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", 
reference:\"seamonkey-mail-1.0.9-9.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nspr-1.0.9-9.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nspr-devel-1.0.9-9.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nss-1.0.9-9.el4.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"seamonkey-nss-devel-1.0.9-9.el4.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:25", "description": "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\n\nSeveral flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\n\nA flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. 
(CVE-2008-0417)\n\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418)\n\nA flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', SeaMonkey will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of SeaMonkey are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:seamonkey", "p-cpe:/a:redhat:enterprise_linux:seamonkey-chat", "p-cpe:/a:redhat:enterprise_linux:seamonkey-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector", "p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger", "p-cpe:/a:redhat:enterprise_linux:seamonkey-mail", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss", "p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel", "cpe:/o:redhat:enterprise_linux:2.1", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2008-0104.NASL", "href": "https://www.tenable.com/plugins/nessus/30246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) 
Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0104. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30246);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_bugtraq_id(24293, 27406, 27683);\n script_xref(name:\"RHSA\", value:\"2008:0104\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0104)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated SeaMonkey packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1, 3, and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the way SeaMonkey processed certain\nmalformed web content. A webpage containing malicious content could\ncause SeaMonkey to crash, or potentially execute arbitrary code as the\nuser running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,\nCVE-2008-0419)\n\nSeveral flaws were found in the way SeaMonkey displayed malformed web\ncontent. A webpage containing specially crafted content could trick a\nuser into surrendering sensitive information. 
(CVE-2008-0591,\nCVE-2008-0593)\n\nA flaw was found in the way SeaMonkey stored password data. If a user\nsaves login information for a malicious website, it could be possible\nto corrupt the password database, preventing the user from properly\naccessing saved password data. (CVE-2008-0417)\n\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If\na user has certain extensions installed, it could allow a malicious\nwebsite to steal sensitive session data. Note: this flaw does not\naffect a default installation of SeaMonkey. (CVE-2008-0418)\n\nA flaw was found in the way SeaMonkey saves certain text files. If a\nwebsite offers a file of type 'plain/text', rather than 'text/plain',\nSeaMonkey will not show future 'text/plain' content to the user in the\nbrowser, forcing them to save those files locally to view the content.\n(CVE-2008-0592)\n\nUsers of SeaMonkey are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0419\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0104\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 94, 119, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:seamonkey-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0104\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-chat-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-devel-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-dom-inspector-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-js-debugger-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-mail-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nspr-devel-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-1.0.9-0.9.el2\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"seamonkey-nss-devel-1.0.9-0.9.el2\")) flag++;\n\n\n 
if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-chat-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-devel-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-dom-inspector-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-js-debugger-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-mail-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nspr-devel-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-1.0.9-0.9.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"seamonkey-nss-devel-1.0.9-0.9.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-chat-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-devel-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-dom-inspector-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-js-debugger-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-mail-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nspr-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nspr-devel-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nss-1.0.9-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"seamonkey-nss-devel-1.0.9-9.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n 
tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-chat / seamonkey-devel / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T15:52:19", "description": "The installed version of Firefox is affected by various security issues :\n\n - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption\n\n - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known.\n\n - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution.\n\n - An issue that could allow a malicious site to inject newlines into the application's password store when a user saves his password, resulting in corruption of saved passwords for other sites. 
\n\n - A directory traversal vulnerability via the 'chrome:' URI.\n\n - A vulnerability involving 'designMode' frames that may result in web browsing history and forward navigation stealing.\n\n - An information disclosure issue in the BMP decoder.\n\n - A file action dialog tampering vulnerability involving timer-enabled security dialogs.\n\n - Mis-handling of locally-saved plaintext files.\n\n - Possible disclosure of sensitive URL parameters, such as session tokens, via the .href property of stylesheet DOM nodes reflecting the final URI of the stylesheet after following any 302 redirects.\n\n - A failure to display a web forgery warning dialog in cases where the entire contents of a page are enclosed in a '<div>' with absolute positioning.\n\n - Multiple cross-site scripting vulnerabilities related to character encoding.", "cvss3": {"score": null, "vector": null}, "published": "2008-02-08T00:00:00", "type": "nessus", "title": "Firefox < 2.0.0.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_20012.NASL", "href": "https://www.tenable.com/plugins/nessus/30209", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(30209);\n script_version(\"1.21\");\n\n script_cve_id(\n \"CVE-2008-0412\", \n \"CVE-2008-0413\", \n \"CVE-2008-0414\", \n \"CVE-2008-0415\", \n \"CVE-2008-0416\",\n \"CVE-2008-0417\", \n \"CVE-2008-0418\", \n \"CVE-2008-0419\", \n \"CVE-2008-0420\", \n \"CVE-2008-0591\",\n \"CVE-2008-0592\", \n \"CVE-2008-0593\", \n \"CVE-2008-0594\"\n );\n script_bugtraq_id(24293, 27406, 27683, 27826, 29303);\n\n script_name(english:\"Firefox < 2.0.0.12 
Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox is affected by various security\nissues :\n\n - Several stability bugs leading to crashes which, in\n some cases, show traces of memory corruption\n\n - Several file input focus stealing vulnerabilities\n that could result in uploading of arbitrary files\n provided their full path and file names are known.\n\n - Several issues that allow scripts from page content \n to escape from their sandboxed context and/or run \n with chrome privileges, resulting in privilege \n escalation, XSS, and/or remote code execution.\n\n - An issue that could allow a malicious site to inject\n newlines into the application's password store when\n a user saves his password, resulting in corruption\n of saved passwords for other sites. 
\n\n - A directory traversal vulnerability via the \n 'chrome:' URI.\n\n - A vulnerability involving 'designMode' frames that\n may result in web browsing history and forward \n navigation stealing.\n\n - An information disclosure issue in the BMP \n decoder.\n\n - A file action dialog tampering vulnerability\n involving timer-enabled security dialogs.\n\n - Mis-handling of locally-saved plaintext files.\n\n - Possible disclosure of sensitive URL parameters,\n such as session tokens, via the .href property of \n stylesheet DOM nodes reflecting the final URI of \n the stylesheet after following any 302 redirects.\n\n - A failure to display a web forgery warning \n dialog in cases where the entire contents of a page \n are enclosed in a '<div>' with absolute positioning.\n\n - Multiple cross-site scripting vulnerabilities \n related to character encoding.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-01/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-02/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-03/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-04/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-05/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-06/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-07/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-08/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-09/\" );\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-10/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-11/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2008-13/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 2.0.0.12 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/02/07\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\nscript_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\"); \n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'2.0.0.12', severity:SECURITY_HOLE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:25", "description": "Various flaws were discovered in the browser and JavaScript 
engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-0412, CVE-2008-0413)\n\nFlaws were discovered in the file upload form control. A malicious website could force arbitrary files from the user's computer to be uploaded without consent. (CVE-2008-0414)\n\nVarious flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious web page, an attacker could escalate privileges within the browser, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges.\n(CVE-2008-0415)\n\nVarious flaws were discovered in character encoding handling. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-0416)\n\nJustin Dolske discovered a flaw in the password saving mechanism. By tricking a user into opening a malicious web page, an attacker could corrupt the user's stored passwords. (CVE-2008-0417)\n\nGerry Eisenhaur discovered that the chrome URI scheme did not properly guard against directory traversal. Under certain circumstances, an attacker may be able to load files or steal session data. Ubuntu is not vulnerable in the default installation. (CVE-2008-0418)\n\nDavid Bloom discovered flaws in the way images are treated by the browser. A malicious website could exploit this to steal the user's history information, crash the browser and/or possibly execute arbitrary code with the user's privileges. (CVE-2008-0419)\n\nFlaws were discovered in the BMP decoder. By tricking a user into opening a specially crafted BMP file, an attacker could obtain sensitive information. (CVE-2008-0420)\n\nMichal Zalewski discovered flaws with timer-enabled security dialogs.\nA malicious website could force the user to confirm a security dialog without explicit consent. (CVE-2008-0591)\n\nIt was discovered that Firefox mishandled locally saved plain text files. 
By tricking a user into saving a specially crafted text file, an attacker could prevent the browser from displaying local files with a .txt extension. (CVE-2008-0592)\n\nMartin Straka discovered flaws in stylesheet handling after a 302 redirect. By tricking a user into opening a malicious web page, an attacker could obtain sensitive URL parameters. (CVE-2008-0593)\n\nEmil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog wasn't displayed under certain circumstances. A malicious website could exploit this to conduct phishing attacks against the user. (CVE-2008-0594).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-02-11T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-576-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-dbg", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:firefox-libthai", "p-cpe:/a:canonical:ubuntu_linux:libnspr-dev", "p-cpe:/a:canonical:ubuntu_linux:libnspr4", "p-cpe:/a:canonical:ubuntu_linux:libnss-dev", "p-cpe:/a:canonical:ubuntu_linux:libnss3", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev", 
"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector", "p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10"], "id": "UBUNTU_USN-576-1.NASL", "href": "https://www.tenable.com/plugins/nessus/30252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-576-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30252);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_xref(name:\"USN\", value:\"576-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-576-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various flaws were discovered in the browser and JavaScript engine. By\ntricking a user into opening a malicious web page, an attacker could\nexecute arbitrary code with the user's privileges. (CVE-2008-0412,\nCVE-2008-0413)\n\nFlaws were discovered in the file upload form control. 
A malicious\nwebsite could force arbitrary files from the user's computer to be\nuploaded without consent. (CVE-2008-0414)\n\nVarious flaws were discovered in the JavaScript engine. By tricking a\nuser into opening a malicious web page, an attacker could escalate\nprivileges within the browser, perform cross-site scripting attacks\nand/or execute arbitrary code with the user's privileges.\n(CVE-2008-0415)\n\nVarious flaws were discovered in character encoding handling. If a\nuser were tricked into opening a malicious web page, an attacker could\nperform cross-site scripting attacks. (CVE-2008-0416)\n\nJustin Dolske discovered a flaw in the password saving mechanism. By\ntricking a user into opening a malicious web page, an attacker could\ncorrupt the user's stored passwords. (CVE-2008-0417)\n\nGerry Eisenhaur discovered that the chrome URI scheme did not properly\nguard against directory traversal. Under certain circumstances, an\nattacker may be able to load files or steal session data. Ubuntu is\nnot vulnerable in the default installation. (CVE-2008-0418)\n\nDavid Bloom discovered flaws in the way images are treated by the\nbrowser. A malicious website could exploit this to steal the user's\nhistory information, crash the browser and/or possibly execute\narbitrary code with the user's privileges. (CVE-2008-0419)\n\nFlaws were discovered in the BMP decoder. By tricking a user into\nopening a specially crafted BMP file, an attacker could obtain\nsensitive information. (CVE-2008-0420)\n\nMichal Zalewski discovered flaws with timer-enabled security dialogs.\nA malicious website could force the user to confirm a security dialog\nwithout explicit consent. (CVE-2008-0591)\n\nIt was discovered that Firefox mishandled locally saved plain text\nfiles. By tricking a user into saving a specially crafted text file,\nan attacker could prevent the browser from displaying local files with\na .txt extension. 
(CVE-2008-0592)\n\nMartin Straka discovered flaws in stylesheet handling after a 302\nredirect. By tricking a user into opening a malicious web page, an\nattacker could obtain sensitive URL parameters. (CVE-2008-0593)\n\nEmil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery\nwarning dialog wasn't displayed under certain circumstances. A\nmalicious website could exploit this to conduct phishing attacks\nagainst the user. (CVE-2008-0594).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/576-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 94, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dbg\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-dom-inspector\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"firefox-gnome-support\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnspr4\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss-dev\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libnss3\", pkgver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-firefox\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", 
pkgname:\"mozilla-firefox-dev\", pkgver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnspr4\", pkgver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss-dev\", pkgver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libnss3\", pkgver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dev\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dev\", 
pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-gnome-support\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"firefox-libthai\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnspr-dev\", pkgver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnspr4\", pkgver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnss-dev\", pkgver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libnss3\", pkgver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-dev\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-dom-inspector\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"mozilla-firefox-gnome-support\", pkgver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox\", pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dbg\", pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dev\", pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-dom-inspector\", pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-gnome-support\", 
pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"firefox-libthai\", pkgver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-dbg / firefox-dev / firefox-dom-inspector / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:39", "description": "The remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities)\n\n The following vulnerabilities were reported in all mentioned Mozilla products:\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412).\n Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413).\n David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419).\n moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).\n Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237).\n moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415).\n Gerry Eisenhaur 
discovered a directory traversal vulnerability when using 'flat' addons (CVE-2008-0418).\n Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the '0x80' character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416).\n The following vulnerability was reported in Thunderbird and SeaMonkey:\n regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304).\n The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:\n The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380).\n hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414).\n Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a 'canvas' feature (CVE-2008-0420).\n Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241).\n oo.rio.oo discovered that a plain text file with a 'Content-Disposition: attachment' prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592).\n Martin Straka reported that the '.href' property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593).\n Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the 'Referer:' HTTP header are removed (CVE-2008-1238).\n Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879).\n Gregory Fleischer reported 
that web content fetched via the 'jar:' protocol was not subject to network access restrictions (CVE-2008-1240).\n The following vulnerabilities were reported in Firefox:\n Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417).\n Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591).\n Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594).\n Impact :\n\n A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2008-05-22T00:00:00", "type": "nessus", "title": "GLSA-200805-18 : Mozilla products: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mozilla-firefox", "p-cpe:/a:gentoo:linux:mozilla-firefox-bin", "p-cpe:/a:gentoo:linux:mozilla-thunderbird", "p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin", 
"p-cpe:/a:gentoo:linux:seamonkey", "p-cpe:/a:gentoo:linux:seamonkey-bin", "p-cpe:/a:gentoo:linux:xulrunner", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200805-18.NASL", "href": "https://www.tenable.com/plugins/nessus/32416", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200805-18.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32416);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-1380\");\n script_xref(name:\"GLSA\", value:\"200805-18\");\n\n script_name(english:\"GLSA-200805-18 : Mozilla products: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200805-18\n(Mozilla products: Multiple vulnerabilities)\n\n The following vulnerabilities were reported in all mentioned Mozilla\n products:\n Jesse Ruderman, 
Kai Engert, Martijn Wargers, Mats Palmgren, and Paul\n Nickerson reported browser crashes related to JavaScript methods,\n possibly triggering memory corruption (CVE-2008-0412).\n Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\n Philip Taylor, and tgirmann reported crashes in the JavaScript engine,\n possibly triggering memory corruption (CVE-2008-0413).\n David Bloom discovered a vulnerability in the way images are treated by\n the browser when a user leaves a page, possibly triggering memory\n corruption (CVE-2008-0419).\n moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of\n privilege escalation vulnerabilities related to JavaScript\n (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).\n Mozilla developers identified browser crashes caused by the layout and\n JavaScript engines, possibly triggering memory corruption\n (CVE-2008-1236, CVE-2008-1237).\n moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from\n its sandboxed context and run with chrome privileges, and inject script\n content into another site, violating the browser's same origin policy\n (CVE-2008-0415).\n Gerry Eisenhaur discovered a directory traversal vulnerability when\n using 'flat' addons (CVE-2008-0418).\n Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported\n multiple character handling flaws related to the backspace character,\n the '0x80' character, involving zero-length non-ASCII sequences in\n multiple character sets, that could facilitate Cross-Site Scripting\n attacks (CVE-2008-0416).\n The following vulnerability was reported in Thunderbird and SeaMonkey:\n regenrecht (via iDefense) reported a heap-based buffer overflow when\n rendering an email message with an external MIME body (CVE-2008-0304).\n The following vulnerabilities were reported in Firefox, SeaMonkey and\n XULRunner:\n The fix for CVE-2008-1237 in Firefox 2.0.0.13\n and SeaMonkey 1.1.9 introduced a new crash vulnerability\n (CVE-2008-1380).\n hong and Gregory 
Fleischer each reported a\n variant on earlier reported bugs regarding focus shifting in file input\n controls (CVE-2008-0414).\n Gynvael Coldwind (Vexillium) discovered that BMP images could be used\n to reveal uninitialized memory, and that this data could be extracted\n using a 'canvas' feature (CVE-2008-0420).\n Chris Thomas reported that background tabs could create a borderless\n XUL pop-up in front of pages in other tabs (CVE-2008-1241).\n oo.rio.oo discovered that a plain text file with a\n 'Content-Disposition: attachment' prevents Firefox from rendering\n future plain text files within the browser (CVE-2008-0592).\n Martin Straka reported that the '.href' property of stylesheet DOM\n nodes is modified to the final URI of a 302 redirect, bypassing the\n same origin policy (CVE-2008-0593).\n Gregory Fleischer discovered that under certain circumstances, leading\n characters from the hostname part of the 'Referer:' HTTP header are\n removed (CVE-2008-1238).\n Peter Brodersen and Alexander Klink reported that the browser\n automatically selected and sent a client certificate when SSL Client\n Authentication is requested by a server (CVE-2007-4879).\n Gregory Fleischer reported that web content fetched via the 'jar:'\n protocol was not subject to network access restrictions\n (CVE-2008-1240).\n The following vulnerabilities were reported in Firefox:\n Justin Dolske discovered a CRLF injection vulnerability when storing\n passwords (CVE-2008-0417).\n Michal Zalewski discovered that Firefox does not properly manage a\n delay timer used in confirmation dialogs (CVE-2008-0591).\n Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery\n warning dialog is not displayed if the entire contents of a web page\n are in a DIV tag that uses absolute positioning (CVE-2008-0594).\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email that will trigger one of the vulnerabilities, possibly\n leading to the execution 
of arbitrary code or a Denial of Service. It\n is also possible for an attacker to trick a user to upload arbitrary\n files when submitting a form, to corrupt saved passwords for other\n sites, to steal login credentials, or to conduct Cross-Site Scripting\n and Cross-Site Request Forgery attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200805-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.14'\n All Mozilla Firefox binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.14'\n All Mozilla Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.14'\n All Mozilla Thunderbird binary users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.14'\n All SeaMonkey users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.1.9-r1'\n All SeaMonkey binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-1.1.9'\n All XULRunner users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/xulrunner-1.8.1.14'\n NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in\n the SeaMonkey binary ebuild, as no precompiled packages have been\n released. 
Until an update is available, we recommend all SeaMonkey\n users to disable JavaScript, use Firefox for JavaScript-enabled\n browsing, or switch to the SeaMonkey source ebuild.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 59, 79, 94, 119, 200, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/mozilla-firefox-bin\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey-bin\", unaffected:make_list(\"ge 1.1.9\"), vulnerable:make_list(\"lt 1.1.9\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird-bin\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey\", unaffected:make_list(\"ge 1.1.9-r1\"), vulnerable:make_list(\"lt 1.1.9-r1\"))) flag++;\nif (qpkg_check(package:\"mail-client/mozilla-thunderbird\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\nif (qpkg_check(package:\"net-libs/xulrunner\", unaffected:make_list(\"ge 1.8.1.14\"), vulnerable:make_list(\"lt 1.8.1.14\"))) flag++;\nif (qpkg_check(package:\"www-client/mozilla-firefox\", unaffected:make_list(\"ge 2.0.0.14\"), vulnerable:make_list(\"lt 2.0.0.14\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla products\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T13:33:04", "description": "Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws \nin Firefox's character encoding handling. 
If a user were tricked into \nopening a malicious web page, an attacker could perform cross-site \nscripting attacks. (CVE-2008-0416)\n\nVarious flaws were discovered in the JavaScript engine. By tricking \na user into opening a malicious web page, an attacker could escalate \nprivileges within the browser, perform cross-site scripting attacks \nand/or execute arbitrary code with the user's privileges. \n(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n\nSeveral problems were discovered in Firefox which could lead to crashes \nand memory corruption. If a user were tricked into opening a malicious \nweb page, an attacker may be able to execute arbitrary code with the \nuser's privileges. (CVE-2008-1236, CVE-2008-1237)\n\nGregory Fleischer discovered Firefox did not properly process HTTP \nReferrer headers when they were sent with with requests to URLs \ncontaining Basic Authentication credentials with empty usernames. An \nattacker could exploit this vulnerability to perform cross-site request \nforgery attacks. (CVE-2008-1238)\n\nPeter Brodersen and Alexander Klink reported that default the setting in \nFirefox for SSL Client Authentication allowed for users to be tracked \nvia their client certificate. The default has been changed to prompt \nthe user each time a website requests a client certificate. \n(CVE-2007-4879)\n\nGregory Fleischer discovered that web content fetched via the jar \nprotocol could use Java LiveConnect to connect to arbitrary ports on \nthe user's machine due to improper parsing in the Java plugin. If a \nuser were tricked into opening malicious web content, an attacker may be \nable to access services running on the user's machine. (CVE-2008-1195, \nCVE-2008-1240)\n\nChris Thomas discovered that Firefox would allow an XUL popup from an \nunselected tab to display in front of the selected tab. An attacker \ncould exploit this behavior to spoof a login prompt and steal the user's \ncredentials. 
(CVE-2008-1241)\n", "cvss3": {}, "published": "2008-03-26T00:00:00", "type": "ubuntu", "title": "Firefox vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1195", "CVE-2008-1234", "CVE-2008-1241", "CVE-2008-1233", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2007-4879", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-0416"], "modified": "2008-03-26T00:00:00", "id": "USN-592-1", "href": "https://ubuntu.com/security/notices/USN-592-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:33:35", "description": "Various flaws were discovered in the browser and JavaScript engine. \nBy tricking a user into opening a malicious web page, an attacker \ncould execute arbitrary code with the user's privileges. \n(CVE-2008-0412, CVE-2008-0413)\n\nFlaws were discovered in the file upload form control. A malicious \nwebsite could force arbitrary files from the user's computer to be \nuploaded without consent. (CVE-2008-0414)\n\nVarious flaws were discovered in the JavaScript engine. By tricking \na user into opening a malicious web page, an attacker could escalate \nprivileges within the browser, perform cross-site scripting attacks \nand/or execute arbitrary code with the user's privileges. (CVE-2008-0415)\n\nVarious flaws were discovered in character encoding handling. If a \nuser were tricked into opening a malicious web page, an attacker \ncould perform cross-site scripting attacks. 
(CVE-2008-0416)\n\nJustin Dolske discovered a flaw in the password saving mechanism. By \ntricking a user into opening a malicious web page, an attacker could \ncorrupt the user's stored passwords. (CVE-2008-0417)\n\nGerry Eisenhaur discovered that the chrome URI scheme did not properly \nguard against directory traversal. Under certain circumstances, an \nattacker may be able to load files or steal session data. Ubuntu is \nnot vulnerable in the default installation. (CVE-2008-0418)\n\nDavid Bloom discovered flaws in the way images are treated by the \nbrowser. A malicious website could exploit this to steal the user's \nhistory information, crash the browser and/or possibly execute \narbitrary code with the user's privileges. (CVE-2008-0419)\n\nFlaws were discovered in the BMP decoder. By tricking a user into \nopening a specially crafted BMP file, an attacker could obtain \nsensitive information. (CVE-2008-0420)\n\nMichal Zalewski discovered flaws with timer-enabled security dialogs. \nA malicious website could force the user to confirm a security dialog \nwithout explicit consent. (CVE-2008-0591)\n\nIt was discovered that Firefox mishandled locally saved plain text \nfiles. By tricking a user into saving a specially crafted text file, \nan attacker could prevent the browser from displaying local files \nwith a .txt extension. (CVE-2008-0592)\n\nMartin Straka discovered flaws in stylesheet handling after a 302 \nredirect. By tricking a user into opening a malicious web page, an \nattacker could obtain sensitive URL parameters. (CVE-2008-0593)\n\nEmil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery \nwarning dialog wasn't displayed under certain circumstances. A \nmalicious website could exploit this to conduct phishing attacks \nagainst the user. 
(CVE-2008-0594)\n", "cvss3": {}, "published": "2008-02-08T00:00:00", "type": "ubuntu", "title": "Firefox vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0412", "CVE-2008-0591", "CVE-2008-0413", "CVE-2008-0593", "CVE-2008-0420", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0417", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0416"], "modified": "2008-02-08T00:00:00", "id": "USN-576-1", "href": "https://ubuntu.com/security/notices/USN-576-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-04T11:28:53", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-592-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox vulnerabilities USN-592-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840285", "href": "http://plugins.openvas.org/nasl.php?oid=840285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_592_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for firefox vulnerabilities USN-592-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws\n in Firefox's character encoding handling. If a user were tricked into\n opening a malicious web page, an attacker could perform cross-site\n scripting attacks. (CVE-2008-0416)\n\n Various flaws were discovered in the JavaScript engine. By tricking\n a user into opening a malicious web page, an attacker could escalate\n privileges within the browser, perform cross-site scripting attacks\n and/or execute arbitrary code with the user's privileges.\n (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)\n \n Several problems were discovered in Firefox which could lead to crashes\n and memory corruption. If a user were tricked into opening a malicious\n web page, an attacker may be able to execute arbitrary code with the\n user's privileges. (CVE-2008-1236, CVE-2008-1237)\n \n Gregory Fleischer discovered Firefox did not properly process HTTP\n Referrer headers when they were sent with with requests to URLs\n containing Basic Authentication credentials with empty usernames. An\n attacker could exploit this vulnerability to perform cross-site request\n forgery attacks. 
(CVE-2008-1238)\n \n Peter Brodersen and Alexander Klink reported that default the setting in\n Firefox for SSL Client Authentication allowed for users to be tracked\n via their client certificate. The default has been changed to prompt\n the user each time a website requests a client certificate.\n (CVE-2007-4879)\n \n Gregory Fleischer discovered that web content fetched via the jar\n protocol could use Java LiveConnect to connect to arbitrary ports on\n the user's machine due to improper parsing in the Java plugin. If a\n user were tricked into opening malicious web content, an attacker may be\n able to access services running on the user's machine. (CVE-2008-1195,\n CVE-2008-1240)\n \n Chris Thomas discovered that Firefox would allow an XUL popup from an\n unselected tab to display in front of the selected tab. An attacker\n could exploit this behavior to spoof a login prompt and steal the user's\n credentials. (CVE-2008-1241)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-592-1\";\ntag_affected = \"firefox vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-592-1/\");\n script_id(840285);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"592-1\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0416\", \"CVE-2008-1195\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_name( \"Ubuntu Update 
for firefox vulnerabilities USN-592-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", 
ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.13+0nobinonly-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n 
if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.13+1nobinonly-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:21", "description": "Oracle Linux Local Security Checks ELSA-2008-0103", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0103", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122612", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122612", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0103.nasl 11688 2018-09-28 13:36:28Z cfischer 
$\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122612\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:49:16 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0103\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0103 - Critical: firefox security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0103\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0103.html\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~1.5.0.12~9.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"firefox-devel\", rpm:\"firefox-devel~1.5.0.12~9.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-07T16:39:04", "description": "The remote host is probable affected by the vulnerabilitys described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, 
CVE-2008-1240, CVE-2008-1241 and more.", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "openvas", "title": "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-0412", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:136141256231090014", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231090014", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Description: Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.90014\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-0412\", \"CVE-2008-0416\");\n script_name(\"Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\");\n\n script_tag(name:\"solution\", value:\"All Users should upgrade to the latest versions of Firefox, Thunderbird or Seamonkey.\");\n\n script_tag(name:\"summary\", value:\"The remote host is probable affected by the vulnerabilitys described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\");\n\n script_tag(name:\"impact\", value:\"Mozilla contributors moz_bug_r_a4, Boris Zbarsky,\n and Johnny Stenback reported a series of vulnerabilities which allow scripts from\n page content to run with elevated privileges. 
moz_bug_r_a4 demonstrated additional\n variants of MFSA 2007-25 and MFSA2007-35 (arbitrary code execution through\n XPCNativeWrapper pollution). Additional vulnerabilities reported separately by\n Boris Zbarsky, Johnny Stenback, and moz_bug_r_a4 showed that the browser could be\n forced to run JavaScript code using the wrong principal leading to universal XSS\n and arbitrary code execution. And more...\");\n\n script_tag(name:\"deprecated\", value:TRUE); # This NVT is broken in many ways...\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\nexit(66);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-08T11:44:49", "description": "The remote host is probably affected by the vulnerabilities described in \nCVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\nCVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\nCVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\n\n\nImpact\n Mozilla contributors moz_bug_r_a4, Boris Zbarsky, \n and Johnny Stenback reported a series of vulnerabilities \n which allow scripts from page content to run with elevated\n privileges. moz_bug_r_a4 demonstrated additional variants\n of MFSA 2007-25 and MFSA2007-35 (arbitrary code execution\n through XPCNativeWrapper pollution). Additional \n vulnerabilities reported separately by Boris Zbarsky, \n Johnny Stenback, and moz_bug_r_a4 showed that the browser\n could be forced to run JavaScript code using the wrong \n principal leading to universal XSS and arbitrary code execution.\n And more...", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "openvas", "title": "Mozilla Firefox, Thunderbird, Seamonkey. 
Several vulnerabilitys (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-0412", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:90014", "href": "http://plugins.openvas.org/nasl.php?oid=90014", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mozilla_CB-A08-0017.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Linux)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote host is probable affected by the vulnerabilitys described in \nCVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\nCVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\nCVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\n\n\nImpact\n Mozilla contributors moz_bug_r_a4, Boris Zbarsky, \n and Johnny Stenback reported a series of vulnerabilities \n which allow scripts from page content to run with elevated\n privileges. 
moz_bug_r_a4 demonstrated additional variants\n of MFSA 2007-25 and MFSA2007-35 (arbitrary code execution\n through XPCNativeWrapper pollution). Additional \n vulnerabilities reported separately by Boris Zbarsky, \n Johnny Stenback, and moz_bug_r_a4 showed that the browser\n could be forced to run JavaScript code using the wrong \n principal leading to universal XSS and arbitrary code execution.\n And more...\";\n\ntag_solution = \"All Users should upgrade to the latest versions of Firefox, Thunderbird or Seamonkey.\";\n\n# $Revision: 8023 $\n\nif(description)\n{\n\n script_id(90014);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", \"CVE-2008-0412\", \"CVE-2008-0416\");\n name = \"Mozilla Firefox, Thunderbird, Seamonkey. 
Several vulnerabilitys (Linux)\";\n script_name(name);\n\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n family = \"General\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n\n # This NVT is broken in many ways...\n script_tag(name:\"deprecated\", value:TRUE); \n\n exit(0);\n}\n\nexit(66);\n\ninclude(\"ssh_func.inc\");\ninclude(\"version_func.inc\");\n\nsock = ssh_login_or_reuse_connection();\nif(!sock){\n exit(0);\n}\n\nr = find_bin(prog_name:\"firefox\", sock:sock);\nforeach binary_name (r) {\n binary_name = chomp(binary_name);\n ver = get_bin_version(full_prog_name:binary_name, version_argv:\"--version\", ver_pattern:\"([0-9\\.]+)\");\n if(ver != NULL) {\n if(version_is_less(version:ver[0], test_version:\"2.0.0.14\") ) {\n security_message(port:0);\n report = string(\"\\nFound : \") + binary_name + \" Version : \" + ver[max_index(ver)-1] + string(\"\\n\");\n security_message(port:0, data:report);\n } \n }\n}\nr = find_bin(prog_name:\"thunderbird\", sock:sock);\nforeach binary_name (r) {\n binary_name = chomp(binary_name);\n ver = get_bin_version(full_prog_name:binary_name, version_argv:\"--version\", ver_pattern:\"([0-9\\.]+)\");\n if(ver != NULL) {\n if(version_is_less(version:ver[0], test_version:\"2.0.0.14\") ) {\n security_message(port:0);\n report = string(\"\\nFound : \") + binary_name + \" Version : \" + ver[max_index(ver)-1] + string(\"\\n\");\n security_message(port:0, data:report);\n } \n }\n}\nr = find_bin(prog_name:\"seamonkey\", sock:sock);\nforeach binary_name (r) {\n binary_name = chomp(binary_name);\n ver = 
get_bin_version(full_prog_name:binary_name, version_argv:\"--version\", ver_pattern:\"([0-9\\.]+)\");\n if(ver != NULL) {\n if(version_is_less(version:ver[0], test_version:\"1.1.9\") ) {\n security_message(port:0);\n report = string(\"\\nFound : \") + binary_name + \" Version : \" + ver[max_index(ver)-1] + string(\"\\n\");\n security_message(port:0, data:report);\n } \n }\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-13T10:49:36", "description": "The remote host is probably affected by the vulnerabilities described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.", "cvss3": {}, "published": "2008-06-17T00:00:00", "type": "openvas", "title": "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-1236", "CVE-2008-1195", "CVE-2008-0412", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1233", "CVE-2008-0416", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1241"], "modified": "2017-06-28T00:00:00", "id": "OPENVAS:90013", "href": "http://plugins.openvas.org/nasl.php?oid=90013", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: smbcl_mozilla.nasl 6467 2017-06-28 13:51:19Z cfischer $\n# Description: Mozilla Firefox, Thunderbird, Seamonkey. 
Several vulnerabilitys (Windows)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n# Modified to implement through 'smb_nt.inc'\n# - By Sharath S <sharaths@secpod.com> On 2009-09-17\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_impact = \"Mozilla contributors moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported\n a series of vulnerabilities which allow scripts from page content to run with\n elevated privileges. moz_bug_r_a4 demonstrated additional variants of MFSA\n 2007-25 and MFSA2007-35 (arbitrary code execution through XPCNativeWrapper\n pollution). 
Additional vulnerabilities reported separately by Boris Zbarsky,\n Johnny Stenback, and moz_bug_r_a4 showed that the browser could be forced to\n run JavaScript code using the wrong principal leading to universal XSS\n and arbitrary code execution.\";\n\ntag_summary = \"The remote host is probably affected by the vulnerabilities described in\n CVE-2008-0416, CVE-2007-4879, CVE-2008-1195, CVE-2008-1233,\n CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237,\n CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 and more.\";\n\ntag_solution = \"All Users should upgrade to the latest versions of Firefox, Thunderbird or\n Seamonkey.\n http://www.mozilla.com/en-US/firefox/all.html\n http://www.seamonkey-project.org/releases/\n http://www.mozillamessaging.com/en-US/thunderbird/all.html\";\n\n# $Revision: 6467 $\n\nif(description)\n{\n script_id(90013);\n script_version(\"$Revision: 6467 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-28 15:51:19 +0200 (Wed, 28 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-06-17 20:22:38 +0200 (Tue, 17 Jun 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0416\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\");\n script_bugtraq_id(28448);\n script_name(\"Mozilla Firefox, Thunderbird, Seamonkey. 
Several vulnerabilitys (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_win.nasl\", \"gb_seamonkey_detect_win.nasl\", \"gb_thunderbird_detect_win.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox_or_Seamonkey_or_Thunderbird/Installed\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\n# Firefox Check\nffVer = get_kb_item(\"Firefox/Win/Ver\");\nif(ffVer)\n{\n # Grep for Firefox version < 2.0.0.14\n if(version_is_less(version:ffVer, test_version:\"2.0.0.14\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Seamonkey Check\nsmVer = get_kb_item(\"Seamonkey/Win/Ver\");\nif(smVer)\n{\n # Grep for Seamonkey version < 1.1.9\n if(version_is_less(version:smVer, test_version:\"1.1.9\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Thunderbird Check\ntbVer = get_kb_item(\"Thunderbird/Win/Ver\");\nif(tbVer)\n{\n # Grep for Thunderbird version < 2.0.0.14\n if(version_is_less(version:tbVer, test_version:\"2.0.0.14\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:44", "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 1485-1.", "cvss3": {}, "published": "2008-02-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1485-1 (icedove)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", 
"CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60362", "href": "http://plugins.openvas.org/nasl.php?oid=60362", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1485_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1485-1 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Icedove mail\nclient, an unbranded version of the Thunderbird client. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0412\n\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\nNickerson discovered crashes in the layout engine, which might allow\nthe execution of arbitrary code.\n\nCVE-2008-0413\n\nCarsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\nPhilip Taylor and tgirmann discovered crashes in the Javascript\nengine, which might allow the execution of arbitrary code.\n\nCVE-2008-0415\n\nmoz_bug_r_a4 and Boris Zbarsky discovered discovered several\nvulnerabilities in Javascript handling, which could allow\nprivilege escalation.\n\nCVE-2008-0418\n\nGerry Eisenhaur and moz_bug_r_a4 discovered that a directory\ntraversal vulnerability in chrome: URI handling could lead to\ninformation disclosure.\n\nCVE-2008-0419\n\nDavid Bloom discovered a race condition in the image handling of\ndesignMode elements, which can lead to information disclosure or\npotentially the execution of arbitrary code.\n\nCVE-2008-0591\n\nMichal Zalewski discovered that timers protecting security-sensitive\ndialogs (which disable dialog elements until a timeout is reached)\ncould be bypassed by window focus changes through Javascript.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1-0etch1.\n\nThe Mozilla products in the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"The remote host is missing an update to icedove\nannounced via advisory DSA 1485-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201485-1\";\n\n\nif(description)\n{\n script_id(60362);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-02-15 23:29:21 +0100 (Fri, 15 Feb 
2008)\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1485-1 (icedove)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-inspector\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-inspector\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) 
!= NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1.5.0.13+1.5.0.15a.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-inspector\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:43", "description": "The remote host is missing an update to icedove\nannounced via advisory DSA 1485-2.", "cvss3": {}, "published": "2008-03-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1485-2 (icedove)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", 
"CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60575", "href": "http://plugins.openvas.org/nasl.php?oid=60575", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1485_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1485-2 (icedove)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A regression has been fixed in icedove's frame handling code. For\nreference you can find the original update below:\n\nSeveral remote vulnerabilities have been discovered in the Icedove mail\nclient, an unbranded version of the Thunderbird client. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0412\n\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\nNickerson discovered crashes in the layout engine, which might allow\nthe execution of arbitrary code.\n\nCVE-2008-0413\n\nCarsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\nPhilip Taylor and tgirmann discovered crashes in the Javascript\nengine, which might allow the execution of arbitrary code.\n\nCVE-2008-0415\n\nmoz_bug_r_a4 and Boris Zbarsky discovered several\nvulnerabilities in Javascript handling, which could allow\nprivilege escalation.\n\nCVE-2008-0418\n\nGerry Eisenhaur and moz_bug_r_a4 discovered that a directory\ntraversal vulnerability in chrome: URI handling could lead to\ninformation disclosure.\n\nCVE-2008-0419\n\nDavid Bloom discovered a race condition in the image handling of\ndesignMode elements, which can lead to information disclosure or\npotentially the execution of arbitrary code.\n\nCVE-2008-0591\n\nMichal Zalewski discovered that timers protecting security-sensitive\ndialogs (which disable dialog elements until a timeout is reached)\ncould be bypassed by window focus changes through Javascript.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1-0etch2.\n\nThe Mozilla products in the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"The remote host is missing an update to icedove\nannounced via advisory DSA 1485-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201485-2\";\n\n\nif(description)\n{\n script_id(60575);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-03-19 20:30:32 +0100 (Wed, 19 Mar 
2008)\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1485-2 (icedove)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-inspector\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-inspector\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) 
!= NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-inspector\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1.5.0.13+1.5.0.15b.dfsg1-0etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:20", "description": "The remote host is missing an update to xulrunner\nannounced via advisory DSA 1484-1.", "cvss3": {}, "published": "2008-02-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1484-1 (xulrunner)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", 
"CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60363", "href": "http://plugins.openvas.org/nasl.php?oid=60363", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1484_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1484-1 (xulrunner)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. 
The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2008-0412\n\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\nNickerson discovered crashes in the layout engine, which might allow\nthe execution of arbitrary code.\n\nCVE-2008-0413\n\nCarsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\nPhilip Taylor and tgirmann discovered crashes in the Javascript\nengine, which might allow the execution of arbitrary code.\n\nCVE-2008-0414\n\nhong and Gregory Fleisher discovered that file input focus\nvulnerabilities in the file upload control could allow information\ndisclosure of local files.\n\nCVE-2008-0415\n\nmoz_bug_r_a4 and Boris Zbarsky discovered several\nvulnerabilities in Javascript handling, which could allow\nprivilege escalation.\n\nCVE-2008-0417\n\nJustin Dolske discovered that the password storage mechanism could\nbe abused by malicious web sites to corrupt existing saved passwords.\n\nCVE-2008-0418\n\nGerry Eisenhaur and moz_bug_r_a4 discovered that a directory\ntraversal vulnerability in chrome: URI handling could lead to\ninformation disclosure.\n\nCVE-2008-0419\n\nDavid Bloom discovered a race condition in the image handling of\ndesignMode elements, which could lead to information disclosure or\npotentially the execution of arbitrary code.\n\nCVE-2008-0591\n\nMichal Zalewski discovered that timers protecting security-sensitive\ndialogs (which disable dialog elements until a timeout is reached)\ncould be bypassed by window focus changes through Javascript.\n\nCVE-2008-0592\n\nIt was discovered that malformed content declarations of saved\nattachments could prevent a user from opening local files\nwith a .txt file name, resulting in minor denial of service.\n\nCVE-2008-0593\n\nMartin Straka discovered that insecure stylesheet handling during\nredirects could lead to information disclosure.\n\nCVE-2008-0594\n\nEmil Ljungdahl and Lars-Olof Moilanen discovered that 
phishing\nprotections could be bypassed with <div> elements.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080131b-0etch1.\n\nThe old stable distribution (sarge) doesn't contain xulrunner.\n\nWe recommend that you upgrade your xulrunner packages.\";\ntag_summary = \"The remote host is missing an update to xulrunner\nannounced via advisory DSA 1484-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201484-1\";\n\n\nif(description)\n{\n script_id(60363);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-02-15 23:29:21 +0100 (Fri, 15 Feb 2008)\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1484-1 (xulrunner)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxul-dev\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-common\", ver:\"1.8.0.15~pre080131a-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.8.0.15~pre080131a-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"1.8.0.15~pre080131a-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs1\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs-dev\", ver:\"1.8.0.15~pre080131a-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"1.8.0.15~pre080131b-0etch1\", 
rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d-dbg\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d-dbg\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d-dbg\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-gnome-support\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"1.8.0.15~pre080131b-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:22", "description": "The remote host is missing an update to iceweasel\nannounced via advisory DSA 1489-1.", "cvss3": {}, "published": "2008-02-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1489-1 (iceweasel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", 
"CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60364", "href": "http://plugins.openvas.org/nasl.php?oid=60364", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1489_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1489-1 (iceweasel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0412\n\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\nNickerson discovered crashes in the layout engine, which might allow\nthe execution of arbitrary code.\n\nCVE-2008-0413\n\nCarsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\nPhilip Taylor and tgirmann discovered crashes in the Javascript\nengine, which might allow the execution of arbitrary code.\n\nCVE-2008-0414\n\nhong and Gregory Fleisher discovered that file input focus\nvulnerabilities in the file upload control could allow information\ndisclosure of local files.\n\nCVE-2008-0415\n\nmoz_bug_r_a4 and Boris Zbarsky discovered several\nvulnerabilities in Javascript handling, which could allow\nprivilege escalation.\n\nCVE-2008-0417\n\nJustin Dolske discovered that the password storage mechanism could\nbe abused by malicious web sites to corrupt existing saved passwords.\n\nCVE-2008-0418\n\nGerry Eisenhaur and moz_bug_r_a4 discovered that a directory\ntraversal vulnerability in chrome: URI handling could lead to\ninformation disclosure.\n\nCVE-2008-0419\n\nDavid Bloom discovered a race condition in the image handling of\ndesignMode elements, which can lead to information disclosure or\npotentially the execution of arbitrary code.\n\nCVE-2008-0591\n\nMichal Zalewski discovered that timers protecting security-sensitive\ndialogs (which disable dialog elements until a timeout is reached)\ncould be bypassed by window focus changes through Javascript.\n\nCVE-2008-0592\n\nIt was discovered that malformed content declarations of saved\nattachments could prevent a user from opening local files\nwith a .txt file name, resulting in minor denial of service.\n\nCVE-2008-0593\n\nMartin Straka discovered that insecure stylesheet handling during\nredirects could lead to information disclosure.\n\nCVE-2008-0594\n\nEmil Ljungdahl and Lars-Olof Moilanen discovered that 
phishing\nprotections could be bypassed with <div> elements.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.12-0etch1.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your iceweasel packages.\";\ntag_summary = \"The remote host is missing an update to iceweasel\nannounced via advisory DSA 1489-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201489-1\";\n\n\nif(description)\n{\n script_id(60364);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-02-15 23:29:21 +0100 (Fri, 15 Feb 2008)\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1489-1 (iceweasel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dom-inspector\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-gnome-support\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"2.0.0.12-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": 
{"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:13", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-576-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox vulnerabilities USN-576-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840192", "href": "http://plugins.openvas.org/nasl.php?oid=840192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_576_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for firefox vulnerabilities USN-576-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various flaws were discovered in the browser and JavaScript engine.\n By tricking a user into opening a malicious web page, an attacker\n could execute arbitrary code with the user's privileges.\n (CVE-2008-0412, CVE-2008-0413)\n\n Flaws were discovered in the file upload form control. A malicious\n website could force arbitrary files from the user's computer to be\n uploaded without consent. (CVE-2008-0414)\n \n Various flaws were discovered in the JavaScript engine. By tricking\n a user into opening a malicious web page, an attacker could escalate\n privileges within the browser, perform cross-site scripting attacks\n and/or execute arbitrary code with the user's privileges. (CVE-2008-0415)\n \n Various flaws were discovered in character encoding handling. If a\n user were tricked into opening a malicious web page, an attacker\n could perform cross-site scripting attacks. (CVE-2008-0416)\n \n Justin Dolske discovered a flaw in the password saving mechanism. By\n tricking a user into opening a malicious web page, an attacker could\n corrupt the user's stored passwords. (CVE-2008-0417)\n \n Gerry Eisenhaur discovered that the chrome URI scheme did not properly\n guard against directory traversal. Under certain circumstances, an\n attacker may be able to load files or steal session data. Ubuntu is\n not vulnerable in the default installation. (CVE-2008-0418)\n \n David Bloom discovered flaws in the way images are treated by the\n browser. 
A malicious website could exploit this to steal the user's\n history information, crash the browser and/or possibly execute\n arbitrary code with the user's privileges. (CVE-2008-0419)\n \n Flaws were discovered in the BMP decoder. By tricking a user into\n opening a specially crafted BMP file, an attacker could obtain\n sensitive information. (CVE-2008-0420)\n \n Michal Zalewski discovered flaws with timer-enabled security dialogs.\n A malicious website could force the user to confirm a security dialog\n without explicit consent. (CVE-2008-0591)\n \n It was discovered that Firefox mishandled locally saved plain text\n files. By tricking a user into saving a specially crafted text file,\n an attacker could prevent the browser from displaying local files\n with a .txt extension. (CVE-2008-0592)\n \n Martin Straka discovered flaws in stylesheet handling after a 302\n redirect. By tricking a user into opening a malicious web page, an\n attacker could obtain sensitive URL parameters. (CVE-2008-0593)\n \n Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery\n warning dialog wasn't displayed under certain circumstances. A\n malicious website could exploit this to conduct phishing attacks\n against the user. 
(CVE-2008-0594)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-576-1\";\ntag_affected = \"firefox vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-576-1/\");\n script_id(840192);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"576-1\");\n script_cve_id(\"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\");\n script_name( \"Ubuntu Update for firefox vulnerabilities USN-576-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", 
ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.12+1nobinonly+2-0ubuntu0.7.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", 
rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr-dev\", ver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4\", ver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss-dev\", ver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"libnss3\", ver:\"1.firefox2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dev\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-dom-inspector\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox-gnome-support\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"mozilla-firefox\", ver:\"2.0.0.12+0nobinonly+2-0ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox-dbg\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dev\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-gnome-support\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-libthai\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"firefox-dom-inspector\", ver:\"2.0.0.12+2nobinonly+2-0ubuntu0.7.10\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:22", "description": "The remote host is missing updates announced in\nadvisory GLSA 200805-18.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200805-18 (mozilla ...)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4879", "CVE-2008-0417", "CVE-2008-1236", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0594", "CVE-2008-1240", "CVE-2008-1237", "CVE-2008-0593", "CVE-2008-1238", "CVE-2008-0413", "CVE-2008-1380", "CVE-2008-1233", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0304", "CVE-2008-0592", "CVE-2008-0414", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-0420", "CVE-2008-1241", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61052", "href": "http://plugins.openvas.org/nasl.php?oid=61052", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been reported in Mozilla Firefox,\nThunderbird, SeaMonkey and XULRunner, some of which may allow\nuser-assisted execution of arbitrary code.\";\ntag_solution = \"Upgrade to the latest package. For details, please visit the\nreferenced security advisory.\n\nNOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in the\nSeaMonkey binary ebuild, as no precompiled packages have been released.\nUntil an update is available, we recommend all SeaMonkey users to disable\nJavaScript, use Firefox for JavaScript-enabled browsing, or switch to the\nSeaMonkey source ebuild.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200805-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=208128\nhttp://bugs.gentoo.org/show_bug.cgi?id=214816\nhttp://bugs.gentoo.org/show_bug.cgi?id=218065\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200805-18.\";\n\n \n\nif(description)\n{\n script_id(61052);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-4879\", \"CVE-2008-0304\", \"CVE-2008-0412\", \"CVE-2008-0413\", \"CVE-2008-0414\", \"CVE-2008-0415\", \"CVE-2008-0416\", \"CVE-2008-0417\", \"CVE-2008-0418\", \"CVE-2008-0419\", \"CVE-2008-0420\", \"CVE-2008-0591\", \"CVE-2008-0592\", \"CVE-2008-0593\", \"CVE-2008-0594\", \"CVE-2008-1233\", \"CVE-2008-1234\", \"CVE-2008-1235\", \"CVE-2008-1236\", \"CVE-2008-1237\", \"CVE-2008-1238\", \"CVE-2008-1240\", \"CVE-2008-1241\", 
\"CVE-2008-1380\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200805-18 (mozilla ...)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-client/mozilla-firefox\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-client/mozilla-firefox-bin\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"mail-client/mozilla-thunderbird-bin\", unaffected: make_list(\"ge 2.0.0.14\"), vulnerable: make_list(\"lt 2.0.0.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-client/seamonkey\", unaffected: make_list(\"ge 1.1.9-r1\"), vulnerable: make_list(\"lt 1.1.9-r1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-client/seamonkey-bin\", unaffected: make_list(\"ge 1.1.9\"), vulnerable: make_list(\"lt 1.1.9\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-libs/xulrunner\", 
unaffected: make_list(\"ge 1.8.1.14\"), vulnerable: make_list(\"lt 1.8.1.14\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2022-02-27T15:52:07", "description": "**CentOS Errata and Security Advisory** CESA-2008:0103\n\n\nMozilla Firefox is an open source Web browser.\r\n\r\nSeveral flaws were found in the way Firefox processed certain malformed web\r\ncontent. A webpage containing malicious content could cause Firefox to\r\ncrash, or potentially execute arbitrary code as the user running Firefox.\r\n(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\r\n\r\nSeveral flaws were found in the way Firefox displayed malformed web\r\ncontent. A webpage containing specially-crafted content could trick a user\r\ninto surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\r\n\r\nA flaw was found in the way Firefox stored password data. If a user saves\r\nlogin information for a malicious website, it could be possible to corrupt\r\nthe password database, preventing the user from properly accessing saved\r\npassword data. (CVE-2008-0417)\r\n\r\nA flaw was found in the way Firefox handles certain chrome URLs. If a user\r\nhas certain extensions installed, it could allow a malicious website to\r\nsteal sensitive session data. Note: this flaw does not affect a default\r\ninstallation of Firefox. (CVE-2008-0418)\r\n\r\nA flaw was found in the way Firefox saves certain text files. 
If a\r\nwebsite offers a file of type \"plain/text\", rather than \"text/plain\",\r\nFirefox will not show future \"text/plain\" content to the user in the\r\nbrowser, forcing them to save those files locally to view the content.\r\n(CVE-2008-0592) \r\n\r\nUsers of firefox are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051582.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051583.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051588.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051589.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051594.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051596.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051597.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051600.html\n\n**Affected packages:**\nfirefox\nfirefox-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2008:0103", "cvss3": {}, "published": "2008-02-08T19:18:05", "type": "centos", "title": "firefox security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], 
"modified": "2008-02-10T16:37:51", "id": "CESA-2008:0103", "href": "https://lists.centos.org/pipermail/centos-announce/2008-February/051582.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T15:52:05", "description": "**CentOS Errata and Security Advisory** CESA-2008:0104\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\r\nclient, IRC chat client, and HTML editor.\r\n\r\nSeveral flaws were found in the way SeaMonkey processed certain malformed\r\nweb content. A webpage containing malicious content could cause SeaMonkey\r\nto crash, or potentially execute arbitrary code as the user running\r\nSeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\r\n\r\nSeveral flaws were found in the way SeaMonkey displayed malformed web\r\ncontent. A webpage containing specially-crafted content could trick a user\r\ninto surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\r\n\r\nA flaw was found in the way SeaMonkey stored password data. If a user\r\nsaves login information for a malicious website, it could be possible\r\nto corrupt the password database, preventing the user from properly\r\naccessing saved password data. (CVE-2008-0417)\r\n\r\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If a\r\nuser has certain extensions installed, it could allow a malicious website\r\nto steal sensitive session data. Note: this flaw does not affect a default\r\ninstallation of SeaMonkey. (CVE-2008-0418)\r\n\r\nA flaw was found in the way SeaMonkey saves certain text files. 
If a\r\nwebsite offers a file of type \"plain/text\", rather than \"text/plain\",\r\nSeaMonkey will not show future \"text/plain\" content to the user in the\r\nbrowser, forcing them to save those files locally to view the content.\r\n(CVE-2008-0592)\r\n\r\nUsers of SeaMonkey are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051580.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051581.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051586.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051587.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051592.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051593.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051598.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051599.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2008:0104", "cvss3": {}, "published": "2008-02-08T19:04:30", "type": "centos", "title": "seamonkey security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0304", 
"CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "modified": "2008-02-10T13:31:44", "id": "CESA-2008:0104", "href": "https://lists.centos.org/pipermail/centos-announce/2008-February/051580.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T15:52:09", "description": "**CentOS Errata and Security Advisory** CESA-2008:0104-01\n\n\nSeaMonkey is an open source Web browser, advanced email and newsgroup\r\nclient, IRC chat client, and HTML editor.\r\n\r\nSeveral flaws were found in the way SeaMonkey processed certain malformed\r\nweb content. A webpage containing malicious content could cause SeaMonkey\r\nto crash, or potentially execute arbitrary code as the user running\r\nSeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\r\n\r\nSeveral flaws were found in the way SeaMonkey displayed malformed web\r\ncontent. A webpage containing specially-crafted content could trick a user\r\ninto surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\r\n\r\nA flaw was found in the way SeaMonkey stored password data. If a user\r\nsaves login information for a malicious website, it could be possible\r\nto corrupt the password database, preventing the user from properly\r\naccessing saved password data. (CVE-2008-0417)\r\n\r\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If a\r\nuser has certain extensions installed, it could allow a malicious website\r\nto steal sensitive session data. Note: this flaw does not affect a default\r\ninstallation of SeaMonkey. (CVE-2008-0418)\r\n\r\nA flaw was found in the way SeaMonkey saves certain text files. 
If a\r\nwebsite offers a file of type \"plain/text\", rather than \"text/plain\",\r\nSeaMonkey will not show future \"text/plain\" content to the user in the\r\nbrowser, forcing them to save those files locally to view the content.\r\n(CVE-2008-0592)\r\n\r\nUsers of SeaMonkey are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2008-February/051601.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n", "cvss3": {}, "published": "2008-02-11T00:20:26", "type": "centos", "title": "seamonkey security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "modified": "2008-02-11T00:20:26", "id": "CESA-2008:0104-01", "href": "https://lists.centos.org/pipermail/centos-announce/2008-February/051601.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:45:32", "description": "Mozilla Firefox is an open source Web browser.\r\n\r\nSeveral flaws were found in the way Firefox processed certain malformed web\r\ncontent. 
A webpage containing malicious content could cause Firefox to\r\ncrash, or potentially execute arbitrary code as the user running Firefox.\r\n(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\r\n\r\nSeveral flaws were found in the way Firefox displayed malformed web\r\ncontent. A webpage containing specially-crafted content could trick a user\r\ninto surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\r\n\r\nA flaw was found in the way Firefox stored password data. If a user saves\r\nlogin information for a malicious website, it could be possible to corrupt\r\nthe password database, preventing the user from properly accessing saved\r\npassword data. (CVE-2008-0417)\r\n\r\nA flaw was found in the way Firefox handles certain chrome URLs. If a user\r\nhas certain extensions installed, it could allow a malicious website to\r\nsteal sensitive session data. Note: this flaw does not affect a default\r\ninstallation of Firefox. (CVE-2008-0418)\r\n\r\nA flaw was found in the way Firefox saves certain text files. 
If a\r\nwebsite offers a file of type \"plain/text\", rather than \"text/plain\",\r\nFirefox will not show future \"text/plain\" content to the user in the\r\nbrowser, forcing them to save those files locally to view the content.\r\n(CVE-2008-0592) \r\n\r\nUsers of firefox are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "cvss3": {}, "published": "2008-02-07T00:00:00", "type": "redhat", "title": "(RHSA-2008:0103) Critical: firefox security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"], "modified": "2017-09-08T07:53:52", "id": "RHSA-2008:0103", "href": "https://access.redhat.com/errata/RHSA-2008:0103", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:36:01", "description": "SeaMonkey is an open source Web browser, advanced email and newsgroup\r\nclient, IRC chat client, and HTML editor.\r\n\r\nSeveral flaws were found in the way SeaMonkey processed certain malformed\r\nweb content. A webpage containing malicious content could cause SeaMonkey\r\nto crash, or potentially execute arbitrary code as the user running\r\nSeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)\r\n\r\nSeveral flaws were found in the way SeaMonkey displayed malformed web\r\ncontent. 
A webpage containing specially-crafted content could trick a user\r\ninto surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)\r\n\r\nA flaw was found in the way SeaMonkey stored password data. If a user\r\nsaves login information for a malicious website, it could be possible\r\nto corrupt the password database, preventing the user from properly\r\naccessing saved password data. (CVE-2008-0417)\r\n\r\nA flaw was found in the way SeaMonkey handles certain chrome URLs. If a\r\nuser has certain extensions installed, it could allow a malicious website\r\nto steal sensitive session data. Note: this flaw does not affect a default\r\ninstallation of SeaMonkey. (CVE-2008-0418)\r\n\r\nA flaw was found in the way SeaMonkey saves certain text files. If a\r\nwebsite offers a file of type \"plain/text\", rather than \"text/plain\",\r\nSeaMonkey will not show future \"text/plain\" content to the user in the\r\nbrowser, forcing them to save those files locally to view the content.\r\n(CVE-2008-0592)\r\n\r\nUsers of SeaMonkey are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "cvss3": {}, "published": "2008-02-07T00:00:00", "type": "redhat", "title": "(RHSA-2008:0104) Critical: seamonkey security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", 
"CVE-2008-0593"], "modified": "2019-03-22T19:43:18", "id": "RHSA-2008:0104", "href": "https://access.redhat.com/errata/RHSA-2008:0104", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:19", "description": " [1.5.0.12-9.0.1]\n - Added Oracle specific links into default bookmarks\n \n [1.5.0.12-9]\n - Update to latest snapshot of Mozilla 1.8.0 branch\n - Added a patch with backported fixes from 1.8.1.12 ", "cvss3": {}, "published": "2008-02-08T00:00:00", "type": "oraclelinux", "title": "Critical: firefox security update ", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2008-02-08T00:00:00", "id": "ELSA-2008-0103", "href": "http://linux.oracle.com/errata/ELSA-2008-0103.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:46", "description": " [1.0.9-0.9.el3.0.1]\n - Add mozilla-home-page.patch, mozilla-oracle-default-bookmarks.html, and\n mozilla-oracle-default-prefs.js\n \n [1.0.9-0.9.el3]\n - Update to latest snapshot of Mozilla 1.8.0 branch\n - Added a patch with backported fixes from 1.8.1.12 ", "cvss3": {}, "published": "2008-02-08T00:00:00", "type": "oraclelinux", "title": "Critical: seamonkey security update ", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-0417", "CVE-2008-0412", "CVE-2008-0419", "CVE-2008-0593", "CVE-2008-0413", "CVE-2008-0418", "CVE-2008-0416", "CVE-2008-0304", "CVE-2008-0592", "CVE-2008-0420", "CVE-2008-0415", "CVE-2008-0591"], "modified": "2008-02-08T00:00:00", "id": "ELSA-2008-0104", "href": "http://linux.oracle.com/errata/ELSA-2008-0104.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-10T07:06:10", "description": "\nSeveral remote vulnerabilities have been 
discovered in the Icedove mail\nclient, an unbranded version of the Thunderbird client. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\n\n* [CVE-2008-0412](https://security-tracker.debian.org/tracker/CVE-2008-0412)\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.\n* [CVE-2008-0413](https://security-tracker.debian.org/tracker/CVE-2008-0413)\nCarsten Book, Wesley Garland, Igor Bukanov, moz\\_bug\\_r\\_a4, shutdown,\n Philip Taylor and tgirmann discovered crashes in the JavaScript\n engine, which might allow the execution of arbitrary code.\n* [CVE-2008-0415](https://security-tracker.debian.org/tracker/CVE-2008-0415)\nmoz\\_bug\\_r\\_a4 and Boris Zbarsky discovered several\n vulnerabilities in JavaScript handling, which could allow\n privilege escalation.\n* [CVE-2008-0418](https://security-tracker.debian.org/tracker/CVE-2008-0418)\nGerry Eisenhaur and moz\\_bug\\_r\\_a4 discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.\n* [CVE-2008-0419](https://security-tracker.debian.org/tracker/CVE-2008-0419)\nDavid Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure and\n potentially the execution of arbitrary code.\n* [CVE-2008-0591](https://security-tracker.debian.org/tracker/CVE-2008-0591)\nMichal Zalewski discovered that timers protecting security-sensitive\n dialogs (by disabling dialog elements until a timeout is reached)\n could be bypassed by window focus changes through JavaScript.\n\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1-0etch2.\n\n\nWe recommend that you upgrade your icedove 
packages.\n\n\n", "cvss3": {}, "published": "2008-02-10T00:00:00", "type": "osv", "title": "icedove - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2022-08-10T07:06:04", "id": "OSV:DSA-1485-2", "href": "https://osv.dev/vulnerability/DSA-1485-2", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T08:34:41", "description": "\nSeveral remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\n\n* [CVE-2008-0412](https://security-tracker.debian.org/tracker/CVE-2008-0412)\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.\n* [CVE-2008-0413](https://security-tracker.debian.org/tracker/CVE-2008-0413)\nCarsten Book, Wesley Garland, Igor Bukanov, moz\\_bug\\_r\\_a4, shutdown,\n Philip Taylor and tgirmann discovered crashes in the JavaScript\n engine, which might allow the execution of arbitrary code.\n* [CVE-2008-0414](https://security-tracker.debian.org/tracker/CVE-2008-0414)\nhong and Gregory Fleischer discovered that file input focus\n vulnerabilities in the file upload control could allow information\n disclosure of local files.\n* [CVE-2008-0415](https://security-tracker.debian.org/tracker/CVE-2008-0415)\nmoz\\_bug\\_r\\_a4 and Boris Zbarsky discovered several\n vulnerabilities in JavaScript handling, which could allow\n privilege escalation.\n* [CVE-2008-0417](https://security-tracker.debian.org/tracker/CVE-2008-0417)\nJustin Dolske discovered that the password storage mechanism could\n be abused by malicious web sites to corrupt existing saved passwords.\n* [CVE-2008-0418](https://security-tracker.debian.org/tracker/CVE-2008-0418)\nGerry Eisenhaur and moz\\_bug\\_r\\_a4 discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.\n* [CVE-2008-0419](https://security-tracker.debian.org/tracker/CVE-2008-0419)\nDavid Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure and\n potentially the execution of arbitrary code.\n* [CVE-2008-0591](https://security-tracker.debian.org/tracker/CVE-2008-0591)\nMichal Zalewski discovered that timers protecting security-sensitive\n dialogs (by disabling dialog elements until a timeout is 
reached)\n could be bypassed by window focus changes through JavaScript.\n* [CVE-2008-0592](https://security-tracker.debian.org/tracker/CVE-2008-0592)\nIt was discovered that malformed content declarations of saved\n attachments could prevent a user from opening local files\n with a .txt file name, resulting in minor denial of service.\n* [CVE-2008-0593](https://security-tracker.debian.org/tracker/CVE-2008-0593)\nMartin Straka discovered that insecure stylesheet handling during\n redirects could lead to information disclosure.\n* [CVE-2008-0594](https://security-tracker.debian.org/tracker/CVE-2008-0594)\nEmil Ljungdahl and Lars-Olof Moilanen discovered that phishing\n protections could be bypassed with <div> elements.\n\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.12-0etch1.\n\n\nWe recommend that you upgrade your iceweasel packages.\n\n\n", "cvss3": {}, "published": "2008-02-10T00:00:00", "type": "osv", "title": "iceweasel - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2022-07-21T05:46:30", "id": "OSV:DSA-1489-1", "href": "https://osv.dev/vulnerability/DSA-1489-1", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:06:10", "description": "\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\n\n* [CVE-2008-0412](https://security-tracker.debian.org/tracker/CVE-2008-0412)\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.\n* [CVE-2008-0413](https://security-tracker.debian.org/tracker/CVE-2008-0413)\nCarsten Book, Wesley Garland, Igor Bukanov, moz\\_bug\\_r\\_a4, shutdown,\n Philip Taylor and tgirmann discovered crashes in the JavaScript\n engine, which might allow the execution of arbitrary code.\n* [CVE-2008-0414](https://security-tracker.debian.org/tracker/CVE-2008-0414)\nhong and Gregory Fleischer discovered that file input focus\n vulnerabilities in the file upload control could allow information\n disclosure of local files.\n* [CVE-2008-0415](https://security-tracker.debian.org/tracker/CVE-2008-0415)\nmoz\\_bug\\_r\\_a4 and Boris Zbarsky discovered several\n vulnerabilities in JavaScript handling, which could allow\n privilege escalation.\n* [CVE-2008-0417](https://security-tracker.debian.org/tracker/CVE-2008-0417)\nJustin Dolske discovered that the password storage mechanism could\n be abused by malicious web sites to corrupt existing saved passwords.\n* [CVE-2008-0418](https://security-tracker.debian.org/tracker/CVE-2008-0418)\nGerry Eisenhaur and moz\\_bug\\_r\\_a4 discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.\n* [CVE-2008-0419](https://security-tracker.debian.org/tracker/CVE-2008-0419)\nDavid Bloom discovered a race condition in the image handling of\n designMode elements, which could lead to information disclosure or\n potentially the execution of arbitrary code.\n* 
[CVE-2008-0591](https://security-tracker.debian.org/tracker/CVE-2008-0591)\nMichal Zalewski discovered that timers protecting security-sensitive\n dialogs (which disable dialog elements until a timeout is reached)\n could be bypassed by window focus changes through JavaScript.\n* [CVE-2008-0592](https://security-tracker.debian.org/tracker/CVE-2008-0592)\nIt was discovered that malformed content declarations of saved\n attachments could prevent a user from opening local files\n with a .txt file name, resulting in minor denial of service.\n* [CVE-2008-0593](https://security-tracker.debian.org/tracker/CVE-2008-0593)\nMartin Straka discovered that insecure stylesheet handling during\n redirects could lead to information disclosure.\n* [CVE-2008-0594](https://security-tracker.debian.org/tracker/CVE-2008-0594)\nEmil Ljungdahl and Lars-Olof Moilanen discovered that phishing\n protections could be bypassed with <div> elements.\n\n\nThe old stable distribution (sarge) doesn't contain xulrunner.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080131b-0etch1.\n\n\nWe recommend that you upgrade your xulrunner packages.\n\n\n", "cvss3": {}, "published": "2008-02-10T00:00:00", "type": "osv", "title": "xulrunner - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", 
"CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2022-08-10T07:06:04", "id": "OSV:DSA-1484-1", "href": "https://osv.dev/vulnerability/DSA-1484-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:06:26", "description": "\nSeveral remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\n\n* [CVE-2008-0412](https://security-tracker.debian.org/tracker/CVE-2008-0412)\nJesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.\n* [CVE-2008-0413](https://security-tracker.debian.org/tracker/CVE-2008-0413)\nCarsten Book, Wesley Garland, Igor Bukanov, moz\\_bug\\_r\\_a4, shutdown,\n Philip Taylor and tgirmann discovered crashes in the Javascript\n engine, which might allow the execution of arbitrary code.\n* [CVE-2008-0414](https://security-tracker.debian.org/tracker/CVE-2008-0414)\nhong and Gregory Fleischer discovered that file input focus\n vulnerabilities in the file upload control could allow information\n disclosure of local files.\n* [CVE-2008-0415](https://security-tracker.debian.org/tracker/CVE-2008-0415)\nmoz\\_bug\\_r\\_a4 and Boris Zbarsky discovered several\n vulnerabilities in Javascript handling, which could allow\n privilege escalation.\n* [CVE-2008-0417](https://security-tracker.debian.org/tracker/CVE-2008-0417)\nJustin Dolske discovered that the password storage mechanism could\n be abused by malicious web sites to corrupt existing saved passwords.\n* [CVE-2008-0418](https://security-tracker.debian.org/tracker/CVE-2008-0418)\nGerry Eisenhaur and moz\\_bug\\_r\\_a4 discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.\n* 
[CVE-2008-0419](https://security-tracker.debian.org/tracker/CVE-2008-0419)\nDavid Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure and\n potentially the execution of arbitrary code.\n* [CVE-2008-0591](https://security-tracker.debian.org/tracker/CVE-2008-0591)\nMichal Zalewski discovered that timers protecting security-sensitive\n dialogs (by disabling dialog elements until a timeout is reached)\n could be bypassed by window focus changes through Javascript.\n* [CVE-2008-0592](https://security-tracker.debian.org/tracker/CVE-2008-0592)\nIt was discovered that malformed content declarations of saved\n attachments could prevent a user from opening local files\n with a .txt file name, resulting in minor denial of service.\n* [CVE-2008-0593](https://security-tracker.debian.org/tracker/CVE-2008-0593)\nMartin Straka discovered that insecure stylesheet handling during\n redirects could lead to information disclosure.\n* [CVE-2008-0594](https://security-tracker.debian.org/tracker/CVE-2008-0594)\nEmil Ljungdahl and Lars-Olof Moilanen discovered that phishing\n protections could be bypassed with <div> elements.\n\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.0.12~pre080131b-0etch1.\n\n\nWe recommend that you upgrade your iceape packages.\n\n\n", "cvss3": {}, "published": "2008-02-24T00:00:00", "type": "osv", "title": "iceape - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5947", "CVE-2007-5959", "CVE-2007-5960", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2022-08-10T07:06:18", "id": "OSV:DSA-1506-1", "href": "https://osv.dev/vulnerability/DSA-1506-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-22T01:45:35", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1485-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 10, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594\n\nSeveral remote vulnerabilities have been discovered in the Icedove mail\nclient, an unbranded version of the Thunderbird client. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0412\n\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.\n\nCVE-2008-0413\n\n Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",\n Philip Taylor and "tgirmann" discovered crashes in the Javascript\n engine, which might allow the execution of arbitrary code.\n\nCVE-2008-0415\n\n "moz_bug_r_a4" and Boris Zbarsky discovered several\n vulnerabilities in Javascript handling, which could allow\n privilege escalation.\n\nCVE-2008-0418\n\n Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.\n\nCVE-2008-0419\n\n David Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure or\n potentially the execution of arbitrary code.\n\nCVE-2008-0591\n\n Michal Zalewski discovered that timers protecting security-sensitive\n dialogs (which disable dialog elements until a timeout is reached)\n could be bypassed by window focus changes through Javascript.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1-0etch1.\n\nThe Mozilla products in the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your icedove packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper 
configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2008-02-10T20:39:19", "type": "debian", "title": "[SECURITY] [DSA 1485-1] New icedove packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2008-02-10T20:39:19", "id": "DEBIAN:DSA-1485-1:95345", "href": "https://lists.debian.org/debian-security-announce/2008/msg00050.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-01T00:00:00", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1484-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 10, 2008 
http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xulrunner\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594\n\nSeveral remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2008-0412\n\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.\n\nCVE-2008-0413\n\n Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",\n Philip Taylor and "tgirmann" discovered crashes in the Javascript\n engine, which might allow the execution of arbitrary code.\n\nCVE-2008-0414\n\n "hong" and Gregory Fleisher discovered that file input focus\n vulnerabilities in the file upload control could allow information\n disclosure of local files.\n\nCVE-2008-0415\n\n "moz_bug_r_a4" and Boris Zbarsky discovered several\n vulnerabilities in Javascript handling, which could allow\n privilege escalation.\n\nCVE-2008-0417\n\n Justin Dolske discovered that the password storage mechanism could\n be abused by malicious web sites to corrupt existing saved passwords.\n\nCVE-2008-0418\n\n Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.\n\nCVE-2008-0419\n\n David Bloom discovered a race condition in the image handling of\n designMode elements, which could lead to information disclosure or\n potentially the execution of arbitrary code.\n\nCVE-2008-0591\n\n Michal Zalewski discovered that timers protecting security-sensitive\n dialogs (which disable 
dialog elements until a timeout is reached)\n could be bypassed by window focus changes through Javascript.\n\nCVE-2008-0592\n\n It was discovered that malformed content declarations of saved\n attachments could prevent a user from opening local files\n with a ".txt" file name, resulting in minor denial of service.\n\nCVE-2008-0593\n\n Martin Straka discovered that insecure stylesheet handling during\n redirects could lead to information disclosure.\n\nCVE-2008-0594\n\n Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing\n protections could be bypassed with <div> elements.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080131b-0etch1.\n\nThe old stable distribution (sarge) doesn't contain xulrunner.\n\nWe recommend that you upgrade your xulrunner packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 673966 23dd041a33c8358ef3670e572ad35b2d\n http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 322360 b1495cfeabbb859be0ad55779ba90d04\n http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 50658 52359135ca3b9e3304de344c671ee659\n http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 283234 7675926943bd9f7d5f296c5360bae2c3\n http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 62208 52394124b19e044fe376363c82fce3b4\n http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131b-0etch1_sparc.deb\n Size/MD5 checksum: 585246 26a306c978adab161746d1ba6d4d0f2a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2008-02-10T20:23:48", "type": "debian", "title": "[SECURITY] [DSA 1484-1] New xulrunner packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, 
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2008-02-10T20:23:48", "id": "DEBIAN:DSA-1484-1:87969", "href": "https://lists.debian.org/debian-security-announce/2008/msg00049.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-08T13:16:39", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1489-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 10, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594\n\nSeveral remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0412\n\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.\n\nCVE-2008-0413\n\n Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",\n Philip Taylor and "tgirmann" discovered crashes in the Javascript\n engine, which might allow the execution of arbitrary code.\n\nCVE-2008-0414\n\n "hong" and Gregory Fleischer discovered that file input focus\n vulnerabilities in the file upload control could allow information\n disclosure of local files.\n\nCVE-2008-0415\n\n "moz_bug_r_a4" and Boris Zbarsky discovered several\n vulnerabilities in Javascript handling, which could allow\n privilege escalation.\n\nCVE-2008-0417\n\n Justin Dolske discovered that the password storage mechanism could\n be abused by malicious web sites to corrupt existing saved passwords.\n\nCVE-2008-0418\n\n Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.\n\nCVE-2008-0419\n\n David Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure or\n potentially the execution of arbitrary code.\n\nCVE-2008-0591\n\n Michal Zalewski discovered that timers protecting security-sensitive\n dialogs (which disable dialog elements until a timeout is reached)\n could be bypassed by window focus changes through Javascript.\n\nCVE-2008-0592\n\n It was discovered that malformed content declarations of saved\n attachments could prevent a user from opening local files\n with a ".txt" file name, resulting in minor denial of service.\n\nCVE-2008-0593\n\n Martin Straka discovered that insecure stylesheet handling during\n redirects could lead to information disclosure.\n\nCVE-2008-0594\n\n Emil Ljungdahl and 
Lars-Olof Moilanen discovered that phishing\n protections could be bypassed with <div> elements.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.12-0etch1.\n\nThe Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your iceweasel packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2008-02-10T20:46:22", "type": "debian", "title": "[SECURITY] [DSA 1489-1] New iceweasel packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2008-02-10T20:46:22", "id": "DEBIAN:DSA-1489-1:68AB5", "href": "https://lists.debian.org/debian-security-announce/2008/msg00051.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T01:43:17", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1485-2 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 17, 2008 
http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594\n\nA regression has been fixed in icedove's frame handling code. For\nreference you can find the original update below:\n\nSeveral remote vulnerabilities have been discovered in the Icedove mail\nclient, an unbranded version of the Thunderbird client. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2008-0412\n\n Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.\n\nCVE-2008-0413\n\n Carsten Book, Wesley Garland, Igor Bukanov, "moz_bug_r_a4", "shutdown",\n Philip Taylor and "tgirmann" discovered crashes in the Javascript\n engine, which might allow the execution of arbitrary code.\n\nCVE-2008-0415\n\n "moz_bug_r_a4" and Boris Zbarsky discovered several\n vulnerabilities in Javascript handling, which could allow\n privilege escalation.\n\nCVE-2008-0418\n\n Gerry Eisenhaur and "moz_bug_r_a4" discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.\n\nCVE-2008-0419\n\n David Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure or\n potentially the execution of arbitrary code.\n\nCVE-2008-0591\n\n Michal Zalewski discovered that timers protecting security-sensitive\n dialogs (which disable dialog elements until a timeout is reached)\n could be bypassed by window focus changes through Javascript.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 
1.5.0.13+1.5.0.15b.dfsg1-0etch2.\n\nThe Mozilla products in the old stable distribution (sarge) are no\nlonger supported with security updates.\n\nWe recommend that you upgrade your icedove packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2008-03-17T20:39:07", "type": "debian", "title": "[SECURITY] [DSA 1485-2] New icedove packages fix regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"], "modified": "2008-03-17T20:39:07", "id": "DEBIAN:DSA-1485-2:D3677", "href": "https://lists.debian.org/debian-security-announce/2008/msg00088.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:15:20", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. 
The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird. \n\n### Description\n\nThe following vulnerabilities were reported in all mentioned Mozilla products: \n\n * Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). \n * Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). \n * David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). \n * moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). \n * Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). \n * moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from their sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415). \n * Gerry Eisenhaur discovered a directory traversal vulnerability when using \"flat\" addons (CVE-2008-0418). \n * Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the \"0x80\" character, and zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416). 
\n\nThe following vulnerability was reported in Thunderbird and SeaMonkey: \n\n * regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304). \n\nThe following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner: \n\n * The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380).\n * hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414). \n * Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a \"canvas\" feature (CVE-2008-0420). \n * Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241). \n * oo.rio.oo discovered that a plain text file with a \"Content-Disposition: attachment\" prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592). \n * Martin Straka reported that the \".href\" property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593). \n * Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the \"Referer:\" HTTP header are removed (CVE-2008-1238). \n * Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879). \n * Gregory Fleischer reported that web content fetched via the \"jar:\" protocol was not subject to network access restrictions (CVE-2008-1240). \n\nThe following vulnerabilities were reported in Firefox: \n\n * Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417). 
\n * Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591). \n * Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594). \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user into uploading arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-firefox-2.0.0.14\"\n\nAll Mozilla Firefox binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/mozilla-firefox-bin-2.0.0.14\"\n\nAll Mozilla Thunderbird users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/mozilla-thunderbird-2.0.0.14\"\n\nAll Mozilla Thunderbird binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/mozilla-thunderbird-bin-2.0.0.14\"\n\nAll SeaMonkey users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-1.1.9-r1\"\n\nAll SeaMonkey binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-1.1.9\"\n\nAll XULRunner users should upgrade to the latest 
version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/xulrunner-1.8.1.14\"\n\nNOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in the SeaMonkey binary ebuild, as no precompiled packages have been released. Until an update is available, we recommend that all SeaMonkey users disable JavaScript, use Firefox for JavaScript-enabled browsing, or switch to the SeaMonkey source ebuild.", "cvss3": {}, "published": "2008-05-20T00:00:00", "type": "gentoo", "title": "Mozilla products: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380"], "modified": "2008-05-20T00:00:00", "id": "GLSA-200805-18", "href": "https://security.gentoo.org/glsa/200805-18", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}