{"id": "USN-2189-1", "bulletinFamily": "unix", "title": "Thunderbird vulnerabilities", "description": "Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1518)\n\nAbhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523)\n\nAbhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1524)\n\nMariusz Mlynski discovered that sites with notification permissions can run script in a privileged context in some circumstances. If a user had enabled scripting, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1529)\n\nIt was discovered that browser history navigations could be used to load a site with the addressbar displaying the wrong address. If a user had enabled scripting, an attacker could potentially exploit this to conduct cross-site scripting or phishing attacks. (CVE-2014-1530)\n\nA use-after-free was discovered when resizing images in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1531)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free during host resolution in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1532)", "published": "2014-04-30T00:00:00", "modified": "2014-04-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2189-1/", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1523", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1532", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1518", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1524", "https://launchpad.net/bugs/1313886", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1529", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1530", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1531"], "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "type": "ubuntu", "lastseen": "2018-08-31T00:10:17", "history": [{"bulletin": {"affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.12.04.1"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.14.04.1"}, {"OS": "Ubuntu", "OSVersion": "13.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.13.10.1"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.12.10.1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1518)\n\nAbhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523)\n\nAbhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1524)\n\nMariusz Mlynski discovered that sites with notification permissions can run script in a privileged context in some circumstances. If a user had enabled scripting, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1529)\n\nIt was discovered that browser history navigations could be used to load a site with the addressbar displaying the wrong address. If a user had enabled scripting, an attacker could potentially exploit this to conduct cross-site scripting or phishing attacks. (CVE-2014-1530)\n\nA use-after-free was discovered when resizing images in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1531)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free during host resolution in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1532)", "edition": 1, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "8c1aeb58c74485dbb4b8271bbcd30531ee9e29343fb0dad066b8fa1c7db8d377", "hashmap": [{"hash": "7de80bc5fc7c9b22ede5553d54689cb9", "key": "title"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "1d41c853af58d3a7ae54990ce29417d8", "key": "type"}, {"hash": "8d0ea4241d1fe334aa9b7ba61e614174", "key": "published"}, {"hash": "a0eb338090c746c05ca0465c2db5dee8", "key": "references"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "3d945423f8e9496c429a5d8c65b4604f", "key": "reporter"}, {"hash": "8d0ea4241d1fe334aa9b7ba61e614174", "key": "modified"}, {"hash": "270541de60f4c3f3a59380ab1e11e929", "key": "description"}, {"hash": "e8899a6352309f7385626b61b7e77c70", "key": "cvelist"}, {"hash": "cf1ee43419f36a271b5a0b793d74c4c2", "key": "affectedPackage"}, {"hash": "30bd6e4c2189dd4c8a73a0bfaa6a55e3", "key": "href"}], "history": [], "href": "https://usn.ubuntu.com/2189-1/", "id": "USN-2189-1", "lastseen": "2018-03-29T18:17:35", "modified": "2014-04-30T00:00:00", "objectVersion": "1.3", "published": "2014-04-30T00:00:00", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1523", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1532", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1518", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1524", "https://launchpad.net/bugs/1313886", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1529", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1530", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1531"], "reporter": "Ubuntu", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-03-29T18:17:35"}, {"bulletin": {"affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.12.04.1"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.14.04.1"}, {"OS": "Ubuntu", "OSVersion": "13.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.13.10.1"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.12.10.1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1518)\n\nAbhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523)\n\nAbhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1524)\n\nMariusz Mlynski discovered that sites with notification permissions can run script in a privileged context in some circumstances. If a user had enabled scripting, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1529)\n\nIt was discovered that browser history navigations could be used to load a site with the addressbar displaying the wrong address. If a user had enabled scripting, an attacker could potentially exploit this to conduct cross-site scripting or phishing attacks. (CVE-2014-1530)\n\nA use-after-free was discovered when resizing images in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1531)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free during host resolution in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1532)", "edition": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "195d4a8d6541791d21fa208c4263f0821667da01b77d576f90af0d85d657cc25", "hashmap": [{"hash": "7de80bc5fc7c9b22ede5553d54689cb9", "key": "title"}, {"hash": "1d41c853af58d3a7ae54990ce29417d8", "key": "type"}, {"hash": "8d0ea4241d1fe334aa9b7ba61e614174", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "a0eb338090c746c05ca0465c2db5dee8", "key": "references"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "3d945423f8e9496c429a5d8c65b4604f", "key": "reporter"}, {"hash": "8d0ea4241d1fe334aa9b7ba61e614174", "key": "modified"}, {"hash": "270541de60f4c3f3a59380ab1e11e929", "key": "description"}, {"hash": "e8899a6352309f7385626b61b7e77c70", "key": "cvelist"}, {"hash": "cf1ee43419f36a271b5a0b793d74c4c2", "key": "affectedPackage"}, {"hash": "30bd6e4c2189dd4c8a73a0bfaa6a55e3", "key": "href"}], "history": [], "href": "https://usn.ubuntu.com/2189-1/", "id": "USN-2189-1", "lastseen": "2018-08-30T20:09:14", "modified": "2014-04-30T00:00:00", "objectVersion": "1.3", "published": "2014-04-30T00:00:00", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1523", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1532", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1518", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1524", "https://launchpad.net/bugs/1313886", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1529", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1530", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1531"], "reporter": "Ubuntu", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T20:09:14"}], "edition": 3, "hashmap": [{"key": "affectedPackage", "hash": "cf1ee43419f36a271b5a0b793d74c4c2"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "e8899a6352309f7385626b61b7e77c70"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "270541de60f4c3f3a59380ab1e11e929"}, {"key": "href", "hash": "30bd6e4c2189dd4c8a73a0bfaa6a55e3"}, {"key": "modified", "hash": "8d0ea4241d1fe334aa9b7ba61e614174"}, {"key": "published", "hash": "8d0ea4241d1fe334aa9b7ba61e614174"}, {"key": "references", "hash": "a0eb338090c746c05ca0465c2db5dee8"}, {"key": "reporter", "hash": "3d945423f8e9496c429a5d8c65b4604f"}, {"key": "title", "hash": "7de80bc5fc7c9b22ede5553d54689cb9"}, {"key": "type", "hash": "1d41c853af58d3a7ae54990ce29417d8"}], "hash": "8c1aeb58c74485dbb4b8271bbcd30531ee9e29343fb0dad066b8fa1c7db8d377", "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.12.04.1"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.14.04.1"}, {"OS": "Ubuntu", "OSVersion": "13.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.13.10.1"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "1:24.5.0+build1-0ubuntu0.12.10.1"}]}

{"debian": [{"lastseen": "2016-09-02T18:24:40", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-csb_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-csb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-dsb_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-dsb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-id_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-id", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "xulrunner-17.0_24.5.0esr-1~deb7u1_all.deb", "packageName": "xulrunner-17.0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-es-es_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-es-es", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-az_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-az", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-de_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-de", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-uk_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-uk", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-sr_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-sr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ta_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ta", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ko_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ko", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-mai_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-mai", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ak_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ak", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-es-mx_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-es-mx", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-xh_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-xh", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-tr_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-tr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-lv_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-lv", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-as_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-as", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-bg_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-bg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-rm_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-rm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-eu_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-eu", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "libmozjs17d-dbg_24.5.0esr-1~deb7u1_all.deb", "packageName": "libmozjs17d-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-hr_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-hr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ru_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ru", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-is_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-is", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-gd_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-gd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-cy_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-cy", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-pt-br_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-pt-br", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-fy-nl_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-fy-nl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-dev_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-cs_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-cs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-eo_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-eo", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ast_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ast", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-hu_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-hu", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ml_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ml", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-te_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-te", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "libmozjs17d_24.5.0esr-1~deb7u1_all.deb", "packageName": "libmozjs17d", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-af_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-af", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-da_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-da", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-nn-no_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-nn-no", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ms_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ms", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ta-lk_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ta-lk", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ach_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ach", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-zu_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-zu", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-gu-in_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-gu-in", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-mk_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-mk", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-en-gb_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-en-gb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-bn-in_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-bn-in", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-uz_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-uz", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-bs_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-bs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-mr_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-mr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-nl_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-nl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-et_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-et", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-he_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-he", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-kk_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-kk", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-fr_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-fr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-gl_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-gl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-be_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-be", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-vi_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-vi", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-es-cl_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-es-cl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-pt-pt_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-pt-pt", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-an_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-an", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-br_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-br", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-si_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-si", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "xulrunner-17.0-dbg_24.5.0esr-1~deb7u1_all.deb", "packageName": "xulrunner-17.0-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-all_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-lt_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-lt", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ku_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ku", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "libmozjs-dev_24.5.0esr-1~deb7u1_all.deb", "packageName": "libmozjs-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-hsb_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-hsb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-sl_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-sl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ja_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ja", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-km_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-km", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ro_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ro", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-sv-se_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-sv-se", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-fi_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-fi", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-bn-bd_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-bn-bd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ga-ie_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ga-ie", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-zh-cn_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-zh-cn", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-sk_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-sk", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-nso_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-nso", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-hi-in_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-hi-in", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-el_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-el", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-es-ar_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-es-ar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-sq_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-sq", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-en-za_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-en-za", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ff_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ff", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-lij_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-lij", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "xulrunner-dev_24.5.0esr-1~deb7u1_all.deb", "packageName": "xulrunner-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ar_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ar", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-lg_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-lg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-dbg_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-fa_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-fa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-kn_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-kn", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-hy-am_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-hy-am", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-th_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-th", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-pl_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-pl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-nb-no_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-nb-no", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-zh-tw_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-zh-tw", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "spidermonkey-bin_24.5.0esr-1~deb7u1_all.deb", "packageName": "spidermonkey-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-or_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-or", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-son_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-son", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-pa-in_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-pa-in", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-it_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-it", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0esr-1~deb7u1", "arch": "all", "packageFilename": "iceweasel-l10n-ca_24.5.0esr-1~deb7u1_all.deb", "packageName": "iceweasel-l10n-ca", "operator": "lt"}], "description": "Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, missing permission checks, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, privilege escalation, cross-site scripting or denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 24.5.0esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 24.5.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.", "edition": 1, "reporter": "Debian", "published": "2014-04-30T00:00:00", "title": "iceweasel -- security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-04-30T00:00:00", "id": "DSA-2918", "href": "http://www.debian.org/security/dsa-2918", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-05-28T02:37:46", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "24.5.0-1~deb7u1", "arch": "all", "packageFilename": "icedove_24.5.0-1~deb7u1_all.deb", "packageName": "icedove", "operator": "lt"}], "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: multiple memory safety errors, buffer overflows, missing permission checks, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, privilege escalation, cross-site scripting or denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 24.5.0-1~deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in version 24.5.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 24.5.0-1.\n\nWe recommend that you upgrade your icedove packages.", "edition": 4, "reporter": "Debian", "published": "2014-05-05T00:00:00", "title": "icedove -- security update", "type": "debian", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-05-05T00:00:00", "id": "DSA-2924", "href": "http://www.debian.org/security/dsa-2924", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:49:58", "references": ["http://linux.oracle.com/errata/ELSA-2014-0448.html"], "pluginID": "1361412562310123418", "description": "Oracle Linux Local Security Checks ELSA-2014-0448", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2014-0448", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310123418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123418", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2014-0448.nasl 6559 2017-07-06 11:57:32Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.123418\");\nscript_version(\"$Revision: 6559 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 14:03:32 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:57:32 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2014-0448\");\nscript_tag(name: \"insight\", value: \"ELSA-2014-0448 - firefox security update - [24.5.0-1.0.1]- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one- Build with nspr-devel >= 4.10.0 to fix build failure[24.5.0-1]- Update to 24.5.0 ESR[24.4.0-3]- Added a workaround for Bug 1054242 - RHEVM: Extremely high memory usage in Firefox 24 ESR on RHEL 6.5[24.4.0-2]- fixed rhbz#1067343 - Broken languagepack configuration after firefox update\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2014-0448\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2014-0448.html\");\nscript_cve_id(\"CVE-2014-1518\",\"CVE-2014-1523\",\"CVE-2014-1524\",\"CVE-2014-1529\",\"CVE-2014-1530\",\"CVE-2014-1531\",\"CVE-2014-1532\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.5.0~1.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.5.0~1.0.1.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:55:30", "references": ["2014:0448", "http://lists.centos.org/pipermail/centos-announce/2014-April/020274.html"], "pluginID": "1361412562310881930", "description": "Check for the Version of firefox", "edition": 4, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-05-05T00:00:00", "title": "CentOS Update for firefox CESA-2014:0448 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881930", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881930", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2014:0448 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881930\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:19:05 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\",\n \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for firefox CESA-2014:0448 centos5 \");\n\n tag_insight = \"Mozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Firefox resolved hosts in\ncertain circumstances. An attacker could use this flaw to crash Firefox or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Firefox decoded JPEG\nimages. Loading a web page containing a specially crafted JPEG image could\ncause Firefox to crash. (CVE-2014-1523)\n\nA flaw was found in the way Firefox handled browser navigations through\nhistory. An attacker could possibly use this flaw to cause the address bar\nof the browser to display a web page name while loading content from an\nentirely different web page, which could allow for cross-site scripting\n(XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,\nAbhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse\nSchwartzentrube as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to this updated package, which contains\nFirefox version 24.5.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\";\n\n tag_affected = \"firefox on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0448\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-April/020274.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.5.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:28", "references": ["2014:0448-01", "https://www.redhat.com/archives/rhsa-announce/2014-April/msg00052.html"], "pluginID": "1361412562310871163", "description": "Check for the Version of firefox", "edition": 4, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-05-05T00:00:00", "title": "RedHat Update for firefox RHSA-2014:0448-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310871163", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871163", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2014:0448-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871163\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:29:26 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\",\n \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for firefox RHSA-2014:0448-01\");\n\n tag_insight = \"Mozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Firefox resolved hosts in\ncertain circumstances. An attacker could use this flaw to crash Firefox or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Firefox decoded JPEG\nimages. Loading a web page containing a specially crafted JPEG image could\ncause Firefox to crash. (CVE-2014-1523)\n\nA flaw was found in the way Firefox handled browser navigations through\nhistory. An attacker could possibly use this flaw to cause the address bar\nof the browser to display a web page name while loading content from an\nentirely different web page, which could allow for cross-site scripting\n(XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,\nAbhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse\nSchwartzentrube as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to this updated package, which contains\nFirefox version 24.5.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\";\n\n tag_affected = \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0448-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-April/msg00052.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.5.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~24.5.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.5.0~1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~24.5.0~1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:48:53", "references": ["http://lists.centos.org/pipermail/centos-announce/2014-April/020276.html", "2014:0449"], "pluginID": "881928", "description": "Check for the Version of thunderbird", "edition": 2, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-05-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "CentOS Update for thunderbird CESA-2014:0449 centos5 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881928", "id": "OPENVAS:881928", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2014:0449 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881928);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:17:55 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\",\n \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for thunderbird CESA-2014:0449 centos5 \");\n\n tag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Thunderbird resolved hosts in\ncertain circumstances. An attacker could use this flaw to crash Thunderbird\nor, potentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Thunderbird decoded JPEG\nimages. Loading an email or a web page containing a specially crafted JPEG\nimage could cause Thunderbird to crash. (CVE-2014-1523)\n\nA flaw was found in the way Thunderbird handled browser navigations through\nhistory. An attacker could possibly use this flaw to cause the address bar\nof the browser to display a web page name while loading content from an\nentirely different web page, which could allow for cross-site scripting\n(XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,\nAbhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse\nSchwartzentrube as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.5.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\";\n\n tag_affected = \"thunderbird on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0449\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-April/020276.html\");\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~24.5.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:17:16", "references": ["2189-1", "http://www.ubuntu.com/usn/usn-2189-1/"], "pluginID": "841803", "description": "Check for the Version of thunderbird", "edition": 3, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-05-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Ubuntu Update for thunderbird USN-2189-1", "type": "openvas", "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841803", "id": "OPENVAS:841803", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2189_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for thunderbird USN-2189-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841803);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:26:36 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\",\n \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for thunderbird USN-2189-1\");\n\n tag_insight = \"Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan\nde Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple\nmemory safety issues in Thunderbird. If a user were tricked in to opening\na specially crafted message with scripting enabled, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2014-1518)\n\nAbhishek Arya discovered an out of bounds read when decoding JPG images.\nAn attacker could potentially exploit this to cause a denial of service\nvia application crash. (CVE-2014-1523)\n\nAbhishek Arya discovered a buffer overflow when a script uses a non-XBL\nobject as an XBL object. If a user had enabled scripting, an attacker\ncould potentially exploit this to execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2014-1524)\n\nMariusz Mlynski discovered that sites with notification permissions can\nrun script in a privileged context in some circumstances. If a user had\nenabled scripting, an attacker could exploit this to execute arbitrary\ncode with the privileges of the user invoking Thunderbird. (CVE-2014-1529)\n\nIt was discovered that browser history navigations could be used to load\na site with the addressbar displaying the wrong address. If a user had\nenabled scripting, an attacker could potentially exploit this to conduct\ncross-site scripting or phishing attacks. (CVE-2014-1530)\n\nA use-after-free was discovered when resizing images in some\ncircumstances. If a user had enabled scripting, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2014-1531)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free during\nhost resolution in some circumstances. An attacker could potentially\nexploit this to cause a denial of service via application crash or execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2014-1532)\";\n\n tag_affected = \"thunderbird on Ubuntu 14.04 LTS ,\n Ubuntu 13.10 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2189-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2189-1/\");\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.5.0+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.5.0+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.5.0+build1-0ubuntu0.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:24.5.0+build1-0ubuntu0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-17T13:37:31", "references": ["http://secunia.com/advisories/58234", "http://www.mozilla.org/security/announce/2014/mfsa2014-34.html"], "pluginID": "1361412562310804564", "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.", "edition": 8, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-05-06T00:00:00", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 May14 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1520", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2018-09-15T00:00:00", "id": "OPENVAS:1361412562310804564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804564", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mult_vuln01_may14_win.nasl 37404 2014-05-06 15:47:12Z may$\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities-01 May14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804564\");\n script_version(\"$Revision: 11402 $\");\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1520\", \"CVE-2014-1523\", \"CVE-2014-1524\",\n \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_bugtraq_id(67123, 67126, 67129, 67131, 67135, 67137, 67134, 67130);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-15 11:13:36 +0200 (Sat, 15 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-06 15:47:12 +0530 (Tue, 06 May 2014)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities-01 May14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Using certain temp directory within maintenservice_installer.exe in an\n insecure way.\n\n - An error exists when validating the XBL status of an object.\n\n - An error exists when handling site notifications within the Web Notification\n API.\n\n - An error exists when handling browser navigations through history to load a\n website.\n\n - A use-after-free error exists when handling an imgLoader object within the\n 'nsGenericHTMLElement::GetWidthHeightForImage()' function.\n\n - An error exists in NSS.\n\n - A use-after-free error exists when handling host resolution within the\n 'libxul.so!nsHostResolver::ConditionallyRefreshRecord()' function.\n\n - And some unspecified errors exist.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct spoofing attacks,\ndisclose potentially sensitive information, bypass certain security\nrestrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 24.x before 24.5 on Windows\");\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 24.5 or later,\nFor updates refer to http://www.mozilla.com/en-US/firefox/all.html\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/58234\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-34.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ \"^24\\.\" && version_in_range(version:ffVer,\n test_version:\"24.0\", test_version2:\"24.4\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:51", "references": ["2014:0665_1"], "pluginID": "1361412562310850986", "description": "Check the version of Mozilla", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-16T00:00:00", "title": "SuSE Update for Mozilla SUSE-SU-2014:0665-1 (Mozilla)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:1361412562310850986", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850986", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0665_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for Mozilla SUSE-SU-2014:0665-1 (Mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850986\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 16:12:41 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-1492\", \"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Mozilla SUSE-SU-2014:0665-1 (Mozilla)\");\n script_tag(name: \"summary\", value: \"Check the version of Mozilla\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This Mozilla Firefox and Mozilla NSS update fixes several security and\n non-security issues.\n\n Mozilla Firefox has been updated to 24.5.0esr which fixes the following\n issues:\n\n * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards\n * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG\n images\n * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object\n as XBL\n * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web\n Notification API\n * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history\n navigations\n * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while\n resizing images\n * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver\n\n Mozilla NSS has been updated to 3.16\n\n * required for Firefox 29\n * CVE-2014-1492_ In a wildcard certificate, the wildcard character\n should not be embedded within the U-label of an internationalized\n domain name. See the last bullet point in RFC 6125, Section 7.2.\n * Update of root certificates.\n\n Security Issue references:\n\n * CVE-2014-1532\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532 \n * CVE-2014-1531\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531 \n * CVE-2014-1530\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530 \n * CVE-2014-1529\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529 \n * CVE-2014-1524\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524 \n * CVE-2014-1523\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523 \n * CVE-2014-1518\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518 \n * CVE-2014-1492\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492\");\n script_tag(name: \"affected\", value: \"Mozilla on SUSE Linux Enterprise Server 11 SP1 LTSS\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2014:0665_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLES11.0SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.5.0esr~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-SLED-24\", rpm:\"MozillaFirefox-branding-SLED-24~0.4.10.14\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~24.5.0esr~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.16~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.10.4~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.16~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.16~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.16~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-32bit\", rpm:\"mozilla-nspr-32bit~4.10.4~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.16~0.3.1\", rls:\"SLES11.0SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:20", "references": ["2014:0638_1"], "pluginID": "1361412562310850748", "description": "Check the version of Mozilla", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-13T00:00:00", "title": "SuSE Update for Mozilla SUSE-SU-2014:0638-1 (Mozilla)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1520", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:1361412562310850748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850748", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0638_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for Mozilla SUSE-SU-2014:0638-1 (Mozilla)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850748\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1520\", \"CVE-2014-1523\", \"CVE-2014-1524\",\n \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\",\n \"CVE-2014-1492\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Mozilla SUSE-SU-2014:0638-1 (Mozilla)\");\n script_tag(name: \"summary\", value: \"Check the version of Mozilla\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the\n following several security and non-security issues:\n\n * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards\n * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG\n images\n * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object\n as XBL\n * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web\n Notification API\n * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history\n navigations\n * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while\n resizing images\n * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver\n\n Mozilla NSS has been updated to 3.16:\n\n * required for Firefox 29\n * CVE-2014-1492: In a wildcard certificate, the wildcard character\n should not be embedded within the U-label of an internationalized domain\n name. See the last bullet point in RFC 6125, Section 7.2.\n * Update of root certificates.\n\n Security Issue references:\n\n * CVE-2014-1532\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532 \n * CVE-2014-1531\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531 \n * CVE-2014-1530\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530 \n * CVE-2014-1529\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529 \n * CVE-2014-1524\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524 \n * CVE-2014-1523\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523 \n * CVE-2014-1520\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520 \n * CVE-2014-1518\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518\");\n script_tag(name: \"affected\", value: \"Mozilla on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2014:0638_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~24.5.0esr~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-SLED-24\", rpm:\"MozillaFirefox-branding-SLED-24~0.7.36\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~24.5.0esr~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.16~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.16~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.10.4~0.3.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.16~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.16~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.16~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.16~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-32bit\", rpm:\"mozilla-nspr-32bit~4.10.4~0.3.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.16~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-x86\", rpm:\"libfreebl3-x86~3.16~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-x86\", rpm:\"libsoftokn3-x86~3.16~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nspr-x86\", rpm:\"mozilla-nspr-x86~4.10.4~0.3.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-x86\", rpm:\"mozilla-nss-x86~3.16~0.8.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:54:39", "references": ["http://www.debian.org/security/2014/dsa-2924.html"], "pluginID": "1361412562310702924", "description": "Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client: multiple memory safety\nerrors, buffer overflows, missing permission checks, out of bound reads,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code, privilege escalation, cross-site scripting\nor denial of service.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-05-05T00:00:00", "title": "Debian Security Advisory DSA 2924-1 (icedove - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310702924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702924", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2924.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 2924-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"icedove on Debian Linux\";\ntag_insight = \"Icedove is an unbranded Thunderbird mail client suitable for free\ndistribution. It supports different mail accounts (POP, IMAP, Gmail), has an\nintegrated learning Spam filter, and offers easy organization of mails with\ntagging and virtual folders. Also, more features can be added by installing\nextensions.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 24.5.0-1~deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 24.5.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 24.5.0-1.\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client: multiple memory safety\nerrors, buffer overflows, missing permission checks, out of bound reads,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code, privilege escalation, cross-site scripting\nor denial of service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702924\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_name(\"Debian Security Advisory DSA 2924-1 (icedove - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-05-05 00:00:00 +0200 (Mon, 05 May 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2924.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.5.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:25", "references": ["2014:0449", "http://lists.centos.org/pipermail/centos-announce/2014-April/020272.html"], "pluginID": "1361412562310881929", "description": "Check for the Version of thunderbird", "edition": 4, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-05-05T00:00:00", "title": "CentOS Update for thunderbird CESA-2014:0449 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881929", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881929", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2014:0449 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881929\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:18:36 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\",\n \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for thunderbird CESA-2014:0449 centos6 \");\n\n tag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Thunderbird resolved hosts in\ncertain circumstances. An attacker could use this flaw to crash Thunderbird\nor, potentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Thunderbird decoded JPEG\nimages. Loading an email or a web page containing a specially crafted JPEG\nimage could cause Thunderbird to crash. (CVE-2014-1523)\n\nA flaw was found in the way Thunderbird handled browser navigations through\nhistory. An attacker could possibly use this flaw to cause the address bar\nof the browser to display a web page name while loading content from an\nentirely different web page, which could allow for cross-site scripting\n(XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,\nAbhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse\nSchwartzentrube as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.5.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\";\n\n tag_affected = \"thunderbird on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0449\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-April/020272.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~24.5.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:52:28", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2014-44/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-43/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-37/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-38/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-42/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-34/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-46/"], "pluginID": "73770", "description": "The installed version of Thunderbird is a version prior to 24.5 and is, therefore, potentially affected by the following vulnerabilities:\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1518, CVE-2014-1519)\n\n - An out-of-bounds read issue exists when decoding certain JPG images that could lead to a denial of service. (CVE-2014-1523)\n\n - A memory corruption issue exists due to improper validation of XBL objects that could lead to arbitrary code execution. (CVE-2014-1524)\n\n - A security bypass issue exists in the Web Notification API that could lead to arbitrary code execution.\n (CVE-2014-1529)\n\n - A cross-site scripting issue exists that could allow an attacker to load another website other than the URL for the website that is shown in the address bar.\n (CVE-2014-1530)\n\n - A use-after-free issue exists due to an 'imgLoader' object being freed when being resized. This issue could lead to arbitrary code execution. (CVE-2014-1531)\n\n - A use-after-free issue exists during host resolution that could lead to arbitrary code execution.\n (CVE-2014-1532)", "edition": 7, "reporter": "Tenable", "published": "2014-04-29T00:00:00", "title": "Mozilla Thunderbird < 24.5 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1519", "CVE-2014-1518"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_24_5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73770", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73770);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\n \"CVE-2014-1518\",\n \"CVE-2014-1519\",\n \"CVE-2014-1523\",\n \"CVE-2014-1524\",\n \"CVE-2014-1529\",\n \"CVE-2014-1530\",\n \"CVE-2014-1531\",\n \"CVE-2014-1532\"\n );\n script_bugtraq_id(\n 67123,\n 67125,\n 67129,\n 67130,\n 67131,\n 67134,\n 67135,\n 67137\n );\n\n script_name(english:\"Mozilla Thunderbird < 24.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird is a version prior to 24.5 and\nis, therefore, potentially affected by the following vulnerabilities:\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1518, CVE-2014-1519)\n\n - An out-of-bounds read issue exists when decoding\n certain JPG images that could lead to a denial of\n service. (CVE-2014-1523)\n\n - A memory corruption issue exists due to improper\n validation of XBL objects that could lead to arbitrary\n code execution. (CVE-2014-1524)\n\n - A security bypass issue exists in the Web Notification\n API that could lead to arbitrary code execution.\n (CVE-2014-1529)\n\n - A cross-site scripting issue exists that could allow an\n attacker to load another website other than the URL for\n the website that is shown in the address bar.\n (CVE-2014-1530)\n\n - A use-after-free issue exists due to an 'imgLoader'\n object being freed when being resized. This issue\n could lead to arbitrary code execution. (CVE-2014-1531)\n\n - A use-after-free issue exists during host resolution\n that could lead to arbitrary code execution.\n (CVE-2014-1532)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-34/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-37/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-38/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-42/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-43/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-44/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-46/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 24.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'24.5', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:23", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2014-44/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-43/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-37/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-38/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-42/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-34/", "http://www.mozilla.org/security/announce/2014/mfsa2014-46.html"], "pluginID": "73765", "description": "The installed version of Firefox ESR 24.x is prior to 24.5 and is, therefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1518, CVE-2014-1519)\n\n - An out-of-bounds read issue exists when decoding certain JPG images that could lead to a denial of service. (CVE-2014-1523)\n\n - A memory corruption issue exists due to improper validation of XBL objects that could lead to arbitrary code execution. (CVE-2014-1524)\n\n - A security bypass issue exists in the Web Notification API that could lead to arbitrary code execution.\n (CVE-2014-1529)\n\n - A cross-site scripting issue exists that could allow an attacker to load another website other than the URL for the website that is shown in the address bar.\n (CVE-2014-1530)\n\n - A use-after-free issue exists due to an 'imgLoader' object being freed when being resized. This issue could lead to arbitrary code execution. (CVE-2014-1531)\n\n - A use-after-free issue exists during host resolution that could lead to arbitrary code execution.\n (CVE-2014-1532)", "edition": 7, "reporter": "Tenable", "published": "2014-04-29T00:00:00", "title": "Firefox ESR 24.x < 24.5 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1519", "CVE-2014-1518"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOSX_FIREFOX_24_5_ESR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73765", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73765);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-1518\",\n \"CVE-2014-1519\",\n \"CVE-2014-1523\",\n \"CVE-2014-1524\",\n \"CVE-2014-1529\",\n \"CVE-2014-1530\",\n \"CVE-2014-1531\",\n \"CVE-2014-1532\"\n );\n script_bugtraq_id(\n 67123,\n 67125,\n 67129,\n 67130,\n 67131,\n 67134,\n 67135,\n 67137\n );\n\n script_name(english:\"Firefox ESR 24.x < 24.5 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox ESR 24.x is prior to 24.5 and is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1518, CVE-2014-1519)\n\n - An out-of-bounds read issue exists when decoding\n certain JPG images that could lead to a denial of\n service. (CVE-2014-1523)\n\n - A memory corruption issue exists due to improper\n validation of XBL objects that could lead to arbitrary\n code execution. (CVE-2014-1524)\n\n - A security bypass issue exists in the Web Notification\n API that could lead to arbitrary code execution.\n (CVE-2014-1529)\n\n - A cross-site scripting issue exists that could allow an\n attacker to load another website other than the URL for\n the website that is shown in the address bar.\n (CVE-2014-1530)\n\n - A use-after-free issue exists due to an 'imgLoader'\n object being freed when being resized. This issue\n could lead to arbitrary code execution. (CVE-2014-1531)\n\n - A use-after-free issue exists during host resolution\n that could lead to arbitrary code execution.\n (CVE-2014-1532)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-34/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-37/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-38/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-42/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-43/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-44/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-46.html\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox ESR 24.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'24.5', min:'24.0', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:57:36", "references": ["http://www.nessus.org/u?0eb54e53", "http://support.novell.com/security/cve/CVE-2014-1530.html", "http://www.nessus.org/u?23dd3d70", "http://support.novell.com/security/cve/CVE-2014-1492.html", "http://support.novell.com/security/cve/CVE-2014-1523.html", "http://support.novell.com/security/cve/CVE-2014-1532.html", "http://support.novell.com/security/cve/CVE-2014-1518.html", "http://support.novell.com/security/cve/CVE-2014-1524.html", "https://bugzilla.novell.com/869827", "http://support.novell.com/security/cve/CVE-2014-1531.html", "https://bugzilla.novell.com/865539", "https://bugzilla.novell.com/875378", "http://support.novell.com/security/cve/CVE-2014-1529.html"], "pluginID": "83621", "description": "This Mozilla Firefox and Mozilla NSS update fixes several security and non-security issues.\n\nMozilla Firefox has been updated to 24.5.0esr which fixes the following issues :\n\n - MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards\n\n - MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images\n\n - MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL\n\n - MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API\n\n - MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations\n\n - MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images\n\n - MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver\n\nMozilla NSS has been updated to 3.16\n\n - required for Firefox 29\n\n - CVE-2014-1492_ In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2.\n\n - Update of root certificates.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-05-20T00:00:00", "title": "SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2014:0665-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2015-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozilla-nspr", "p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:MozillaFirefox", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations"], "id": "SUSE_SU-2014-0665-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83621", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:0665-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83621);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/05/20 15:11:10 $\");\n\n script_cve_id(\"CVE-2014-1492\", \"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_bugtraq_id(66356, 67123, 67129, 67130, 67131, 67134, 67135, 67137);\n\n script_name(english:\"SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2014:0665-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Mozilla Firefox and Mozilla NSS update fixes several security and\nnon-security issues.\n\nMozilla Firefox has been updated to 24.5.0esr which fixes the\nfollowing issues :\n\n - MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety\n hazards\n\n - MFSA 2014-37/CVE-2014-1523 Out of bounds read while\n decoding JPG images\n\n - MFSA 2014-38/CVE-2014-1524 Buffer overflow when using\n non-XBL object as XBL\n\n - MFSA 2014-42/CVE-2014-1529 Privilege escalation through\n Web Notification API\n\n - MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS)\n using history navigations\n\n - MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader\n while resizing images\n\n - MFSA 2014-46/CVE-2014-1532 Use-after-free in\n nsHostResolver\n\nMozilla NSS has been updated to 3.16\n\n - required for Firefox 29\n\n - CVE-2014-1492_ In a wildcard certificate, the wildcard\n character should not be embedded within the U-label of\n an internationalized domain name. See the last bullet\n point in RFC 6125, Section 7.2.\n\n - Update of root certificates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=02d70d3c9e25d9db60e36b3f80b0bc27\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23dd3d70\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1492.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1518.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1523.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1524.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1529.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1530.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1532.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/865539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/869827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/875378\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20140665-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0eb54e53\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-MozillaFirefox-201404-9187\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^1$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.16-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.16-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.16-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"mozilla-nspr-32bit-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.16-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"MozillaFirefox-24.5.0esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"MozillaFirefox-branding-SLED-24-0.4.10.14\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"MozillaFirefox-translations-24.5.0esr-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"libfreebl3-3.16-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"mozilla-nspr-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"mozilla-nss-3.16-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"mozilla-nss-tools-3.16-0.3.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:08", "references": ["http://www.nessus.org/u?c0be8845"], "pluginID": "73798", "description": "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Thunderbird resolved hosts in certain circumstances. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Thunderbird decoded JPEG images. Loading an email or a web page containing a specially crafted JPEG image could cause Thunderbird to crash. (CVE-2014-1523)\n\nA flaw was found in the way Thunderbird handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross- site scripting (XSS) attacks. (CVE-2014-1530)\n\nNote: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nAfter installing the update, Thunderbird must be restarted for the changes to take effect.", "edition": 4, "reporter": "Tenable", "published": "2014-05-01T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-06-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140429_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73798", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73798);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/06/14 00:01:15 $\");\n\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2014-1518, CVE-2014-1524,\nCVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Thunderbird resolved hosts\nin certain circumstances. An attacker could use this flaw to crash\nThunderbird or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Thunderbird decoded\nJPEG images. Loading an email or a web page containing a specially\ncrafted JPEG image could cause Thunderbird to crash. (CVE-2014-1523)\n\nA flaw was found in the way Thunderbird handled browser navigations\nthrough history. An attacker could possibly use this flaw to cause the\naddress bar of the browser to display a web page name while loading\ncontent from an entirely different web page, which could allow for\ncross- site scripting (XSS) attacks. (CVE-2014-1530)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1404&L=scientific-linux-errata&T=0&P=2839\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0be8845\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-24.5.0-1.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-24.5.0-1.el5_10\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-24.5.0-1.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-24.5.0-1.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:15", "references": ["http://www.nessus.org/u?c73796a7", "http://www.nessus.org/u?d62cc848", "http://www.nessus.org/u?74c6729c"], "pluginID": "73819", "description": "Update to latest upstream.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2014-05-02T00:00:00", "title": "Fedora 20 : firefox-29.0-5.fc20 / thunderbird-24.5.0-1.fc20 / xulrunner-29.0-1.fc20 (2014-5833)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1520", "CVE-2014-1524", "CVE-2014-1519", "CVE-2014-1518"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:thunderbird"], "id": "FEDORA_2014-5833.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73819", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-5833.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73819);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:32:19 $\");\n\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1519\", \"CVE-2014-1520\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_xref(name:\"FEDORA\", value:\"2014-5833\");\n\n script_name(english:\"Fedora 20 : firefox-29.0-5.fc20 / thunderbird-24.5.0-1.fc20 / xulrunner-29.0-1.fc20 (2014-5833)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132331.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c73796a7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d62cc848\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74c6729c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox, thunderbird and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"firefox-29.0-5.fc20\")) flag++;\nif (rpm_check(release:\"FC20\", reference:\"thunderbird-24.5.0-1.fc20\")) flag++;\nif (rpm_check(release:\"FC20\", reference:\"xulrunner-29.0-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / thunderbird / xulrunner\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:14", "references": ["https://oss.oracle.com/pipermail/el-errata/2014-April/004093.html"], "pluginID": "73795", "description": "From Red Hat Security Advisory 2014:0449 :\n\nAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Thunderbird resolved hosts in certain circumstances. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Thunderbird decoded JPEG images. Loading an email or a web page containing a specially crafted JPEG image could cause Thunderbird to crash. (CVE-2014-1523)\n\nA flaw was found in the way Thunderbird handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse Schwartzentrube as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.5.0. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes to take effect.", "edition": 6, "reporter": "Tenable", "published": "2014-05-01T00:00:00", "title": "Oracle Linux 6 : thunderbird (ELSA-2014-0449)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2014-0449.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73795", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0449 and \n# Oracle Linux Security Advisory ELSA-2014-0449 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73795);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_xref(name:\"RHSA\", value:\"2014:0449\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2014-0449)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0449 :\n\nAn updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2014-1518, CVE-2014-1524,\nCVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Thunderbird resolved hosts\nin certain circumstances. An attacker could use this flaw to crash\nThunderbird or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Thunderbird decoded\nJPEG images. Loading an email or a web page containing a specially\ncrafted JPEG image could cause Thunderbird to crash. (CVE-2014-1523)\n\nA flaw was found in the way Thunderbird handled browser navigations\nthrough history. An attacker could possibly use this flaw to cause the\naddress bar of the browser to display a web page name while loading\ncontent from an entirely different web page, which could allow for\ncross-site scripting (XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph\nDiehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd,\nChristian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils,\nTyson Smith and Jesse Schwartzentrube as the original reporters of\nthese issues.\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 24.5.0. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004093.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-24.5.0-1.0.1.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:32", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2014-44/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-43/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-37/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-38/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-42/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-34/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-46/"], "pluginID": "73767", "description": "The installed version of Thunderbird is a version prior to version 24.5. It is, therefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1518, CVE-2014-1519)\n\n - An out-of-bounds read issue exists when decoding certain JPG images that could lead to a denial of service. (CVE-2014-1523)\n\n - A memory corruption issue exists due to improper validation of XBL objects that could lead to arbitrary code execution. (CVE-2014-1524)\n\n - A security bypass issue exists in the Web Notification API that could lead to arbitrary code execution.\n (CVE-2014-1529)\n\n - A cross-site scripting issue exists that could allow an attacker to load another website other than the URL for the website that is shown in the address bar.\n (CVE-2014-1530)\n\n - A use-after-free issue exists due to an 'imgLoader' object being freed when being resized. This issue could lead to arbitrary code execution. (CVE-2014-1531)\n\n - A use-after-free issue exists during host resolution that could lead to arbitrary code execution.\n (CVE-2014-1532)", "edition": 7, "reporter": "Tenable", "published": "2014-04-29T00:00:00", "title": "Thunderbird < 24.5 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1519", "CVE-2014-1518"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_24_5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73767", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73767);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-1518\",\n \"CVE-2014-1519\",\n \"CVE-2014-1523\",\n \"CVE-2014-1524\",\n \"CVE-2014-1529\",\n \"CVE-2014-1530\",\n \"CVE-2014-1531\",\n \"CVE-2014-1532\"\n );\n script_bugtraq_id(\n 67123,\n 67125,\n 67129,\n 67130,\n 67131,\n 67134,\n 67135,\n 67137\n );\n\n script_name(english:\"Thunderbird < 24.5 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a mail client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird is a version prior to version\n24.5. It is, therefore, potentially affected by the following\nvulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1518, CVE-2014-1519)\n\n - An out-of-bounds read issue exists when decoding\n certain JPG images that could lead to a denial of\n service. (CVE-2014-1523)\n\n - A memory corruption issue exists due to improper\n validation of XBL objects that could lead to arbitrary\n code execution. (CVE-2014-1524)\n\n - A security bypass issue exists in the Web Notification\n API that could lead to arbitrary code execution.\n (CVE-2014-1529)\n\n - A cross-site scripting issue exists that could allow an\n attacker to load another website other than the URL for\n the website that is shown in the address bar.\n (CVE-2014-1530)\n\n - A use-after-free issue exists due to an 'imgLoader'\n object being freed when being resized. This issue\n could lead to arbitrary code execution. (CVE-2014-1531)\n\n - A use-after-free issue exists during host resolution\n that could lead to arbitrary code execution.\n (CVE-2014-1532)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-34/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-37/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-38/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-42/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-43/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-44/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-46/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 24.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.');\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'24.5', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:48", "references": ["http://support.novell.com/security/cve/CVE-2014-1530.html", "http://www.mozilla.org/security/announce/2014/mfsa2014-43.html", "http://www.mozilla.org/security/announce/2014/mfsa2014-44.html", "https://bugzilla.novell.com/show_bug.cgi?id=875803", "https://bugzilla.novell.com/show_bug.cgi?id=875378", "http://support.novell.com/security/cve/CVE-2014-1520.html", "https://bugzilla.novell.com/show_bug.cgi?id=865539", "http://www.mozilla.org/security/announce/2014/mfsa2014-38.html", "http://support.novell.com/security/cve/CVE-2014-1492.html", "http://support.novell.com/security/cve/CVE-2014-1523.html", "https://bugzilla.novell.com/show_bug.cgi?id=869827", "http://support.novell.com/security/cve/CVE-2014-1532.html", "http://www.mozilla.org/security/announce/2014/mfsa2014-42.html", "http://support.novell.com/security/cve/CVE-2014-1518.html", "http://www.mozilla.org/security/announce/2014/mfsa2014-34.html", "http://www.mozilla.org/security/announce/2014/mfsa2014-46.html", "http://support.novell.com/security/cve/CVE-2014-1524.html", "http://support.novell.com/security/cve/CVE-2014-1531.html", "http://www.mozilla.org/security/announce/2014/mfsa2014-37.html", "http://support.novell.com/security/cve/CVE-2014-1529.html"], "pluginID": "74006", "description": "This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the following several security and non-security issues :\n\n - Miscellaneous memory safety hazards. (MFSA 2014-34 / CVE-2014-1518)\n\n - Out of bounds read while decoding JPG images. (MFSA 2014-37 / CVE-2014-1523)\n\n - Buffer overflow when using non-XBL object as XBL. (MFSA 2014-38 / CVE-2014-1524)\n\n - Privilege escalation through Web Notification API. (MFSA 2014-42 / CVE-2014-1529)\n\n - Cross-site scripting (XSS) using history navigations.\n (MFSA 2014-43 / CVE-2014-1530)\n\n - Use-after-free in imgLoader while resizing images. (MFSA 2014-44 / CVE-2014-1531)\n\n - Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16:. (MFSA 2014-46 / CVE-2014-1532)\n\n - required for Firefox 29\n\n - In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. (CVE-2014-1492)\n\n - Update of root certificates.", "edition": 4, "reporter": "Tenable", "published": "2014-05-14T00:00:00", "title": "SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9185)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1520", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-06-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED", "p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit", "p-cpe:/a:novell:suse_linux:11:libsoftokn3", "p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-nss", "p-cpe:/a:novell:suse_linux:11:mozilla-nspr", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:11:libfreebl3", "p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit"], "id": "SUSE_11_MOZILLAFIREFOX-201404-140501.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74006", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74006);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2014/06/14 00:01:15 $\");\n\n script_cve_id(\"CVE-2014-1492\", \"CVE-2014-1518\", \"CVE-2014-1520\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n\n script_name(english:\"SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9185)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the\nfollowing several security and non-security issues :\n\n - Miscellaneous memory safety hazards. (MFSA 2014-34 /\n CVE-2014-1518)\n\n - Out of bounds read while decoding JPG images. (MFSA\n 2014-37 / CVE-2014-1523)\n\n - Buffer overflow when using non-XBL object as XBL. (MFSA\n 2014-38 / CVE-2014-1524)\n\n - Privilege escalation through Web Notification API. (MFSA\n 2014-42 / CVE-2014-1529)\n\n - Cross-site scripting (XSS) using history navigations.\n (MFSA 2014-43 / CVE-2014-1530)\n\n - Use-after-free in imgLoader while resizing images. (MFSA\n 2014-44 / CVE-2014-1531)\n\n - Use-after-free in nsHostResolver Mozilla NSS has been\n updated to 3.16:. (MFSA 2014-46 / CVE-2014-1532)\n\n - required for Firefox 29\n\n - In a wildcard certificate, the wildcard character should\n not be embedded within the U-label of an\n internationalized domain name. See the last bullet point\n in RFC 6125, Section 7.2. (CVE-2014-1492)\n\n - Update of root certificates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-34.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-37.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-38.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-42.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-43.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-44.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2014/mfsa2014-46.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1492.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1518.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1523.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1524.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1529.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1530.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1532.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9185.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-24.5.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-branding-SLED-24-0.7.36\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"MozillaFirefox-translations-24.5.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libfreebl3-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libsoftokn3-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mozilla-nspr-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"mozilla-nss-tools-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-24.5.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLED-24-0.7.36\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-24.5.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nspr-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-24.5.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-branding-SLED-24-0.7.36\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"MozillaFirefox-translations-24.5.0esr-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libfreebl3-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libsoftokn3-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"mozilla-nspr-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"mozilla-nss-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"mozilla-nss-tools-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libfreebl3-32bit-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mozilla-nspr-32bit-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.16-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.10.4-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.16-0.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:08", "references": ["http://www.nessus.org/u?9e61318c", "http://support.novell.com/security/cve/CVE-2014-1530.html", "http://support.novell.com/security/cve/CVE-2014-1492.html", "http://support.novell.com/security/cve/CVE-2014-1523.html", "http://support.novell.com/security/cve/CVE-2014-1532.html", "http://www.nessus.org/u?755a37c4", "http://support.novell.com/security/cve/CVE-2014-1518.html", "http://support.novell.com/security/cve/CVE-2014-1524.html", "https://bugzilla.novell.com/869827", "http://support.novell.com/security/cve/CVE-2014-1531.html", "https://bugzilla.novell.com/865539", "https://bugzilla.novell.com/875378", "http://support.novell.com/security/cve/CVE-2014-1529.html"], "pluginID": "83622", "description": "This Mozilla Firefox update provides several security and non-security fixes.\n\nMozilla Firefox has been updated to the 24.5.0esr version, which fixes the following issues :\n\n - MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards\n\n - MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images\n\n - MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL\n\n - MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API\n\n - MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations\n\n - MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images\n\n - MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver\n\nMozilla NSS has been updated to version 3.16\n\n - required for Firefox 29\n\n - CVE-2014-1492_ In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2.\n\n - Update of root certificates.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-05-20T00:00:00", "title": "SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2014:0665-2)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2015-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozilla-nspr", "p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED", "p-cpe:/a:novell:suse_linux:firefox-gtk2-lang", "p-cpe:/a:novell:suse_linux:mozilla-nss-devel", "p-cpe:/a:novell:suse_linux:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:firefox-pango", "p-cpe:/a:novell:suse_linux:firefox-atk", "p-cpe:/a:novell:suse_linux:firefox-pcre", "p-cpe:/a:novell:suse_linux:mozilla-nspr-devel", "p-cpe:/a:novell:suse_linux:firefox-libgcc_s1", "p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:firefox-glib2", "p-cpe:/a:novell:suse_linux:firefox-freetype2", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:mozilla-xulrunner192-translations", "p-cpe:/a:novell:suse_linux:firefox-fontconfig", "p-cpe:/a:novell:suse_linux:firefox-pixman", "p-cpe:/a:novell:suse_linux:firefox-gtk2", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:firefox-libstdc++6", "p-cpe:/a:novell:suse_linux:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:firefox-cairo", "p-cpe:/a:novell:suse_linux:mozilla-xulrunner192", "p-cpe:/a:novell:suse_linux:mozilla-xulrunner192-gnome", "cpe:/o:novell:suse_linux:10", "p-cpe:/a:novell:suse_linux:mozilla-xulrunner191-gnomevfs"], "id": "SUSE_SU-2014-0665-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83622", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:0665-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83622);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/05/20 15:11:10 $\");\n\n script_cve_id(\"CVE-2014-1492\", \"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_bugtraq_id(66356, 67123, 67129, 67130, 67131, 67134, 67135, 67137);\n\n script_name(english:\"SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2014:0665-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Mozilla Firefox update provides several security and non-security\nfixes.\n\nMozilla Firefox has been updated to the 24.5.0esr version, which fixes\nthe following issues :\n\n - MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety\n hazards\n\n - MFSA 2014-37/CVE-2014-1523 Out of bounds read while\n decoding JPG images\n\n - MFSA 2014-38/CVE-2014-1524 Buffer overflow when using\n non-XBL object as XBL\n\n - MFSA 2014-42/CVE-2014-1529 Privilege escalation through\n Web Notification API\n\n - MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS)\n using history navigations\n\n - MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader\n while resizing images\n\n - MFSA 2014-46/CVE-2014-1532 Use-after-free in\n nsHostResolver\n\nMozilla NSS has been updated to version 3.16\n\n - required for Firefox 29\n\n - CVE-2014-1492_ In a wildcard certificate, the wildcard\n character should not be embedded within the U-label of\n an internationalized domain name. See the last bullet\n point in RFC 6125, Section 7.2.\n\n - Update of root certificates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=286e8d629532f85ab01bea1a26438953\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?755a37c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1492.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1518.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1523.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1524.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1529.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1530.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1532.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/865539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/869827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/875378\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20140665-2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e61318c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Mozilla Firefox packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-atk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-cairo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-fontconfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-glib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-gtk2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-libgcc_s1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-libstdc++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-pango\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:firefox-pixman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-xulrunner192\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-xulrunner192-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-xulrunner192-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! ereg(pattern:\"^3$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"firefox-atk-32bit-1.28.0-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"firefox-cairo-32bit-1.8.0-0.10.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"firefox-fontconfig-32bit-2.6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"firefox-freetype2-32bit-2.3.7-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"firefox-glib2-32bit-2.22.5-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"firefox-gtk2-32bit-2.18.9-0.9.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"firefox-libgcc_s1-32bit-4.7.2_20130108-0.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"firefox-libstdc++6-32bit-4.7.2_20130108-0.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"firefox-pango-32bit-1.26.2-0.9.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"firefox-pcre-32bit-7.8-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"firefox-pixman-32bit-0.16.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.10.4-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.16-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.19-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-32bit-1.9.2.28-0.13.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.28-0.13.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.28-0.13.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"firefox-atk-32bit-1.28.0-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"firefox-cairo-32bit-1.8.0-0.10.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"firefox-fontconfig-32bit-2.6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"firefox-freetype2-32bit-2.3.7-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"firefox-glib2-32bit-2.22.5-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"firefox-gtk2-32bit-2.18.9-0.9.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"firefox-libgcc_s1-32bit-4.7.2_20130108-0.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"firefox-libstdc++6-32bit-4.7.2_20130108-0.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"firefox-pango-32bit-1.26.2-0.9.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"firefox-pcre-32bit-7.8-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"firefox-pixman-32bit-0.16.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-nspr-32bit-4.10.4-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.16-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.19-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.19-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-xulrunner192-32bit-1.9.2.28-0.13.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-xulrunner192-gnome-32bit-1.9.2.28-0.13.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-xulrunner192-translations-32bit-1.9.2.28-0.13.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-atk-1.28.0-0.7.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-cairo-1.8.0-0.10.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-fontconfig-2.6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-freetype2-2.3.7-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-glib2-2.22.5-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-gtk2-2.18.9-0.9.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-gtk2-lang-2.18.9-0.9.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-libgcc_s1-4.7.2_20130108-0.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-libstdc++6-4.7.2_20130108-0.22.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-pango-1.26.2-0.9.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-pcre-7.8-0.8.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"firefox-pixman-0.16.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"mozilla-nspr-4.10.4-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"mozilla-nspr-devel-4.10.4-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"mozilla-nss-3.16-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"mozilla-nss-devel-3.16-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"mozilla-nss-tools-3.16-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"mozilla-xulrunner191-1.9.1.19-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.19-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"mozilla-xulrunner191-translations-1.9.1.19-0.13.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"mozilla-xulrunner192-1.9.2.28-0.13.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"mozilla-xulrunner192-gnome-1.9.2.28-0.13.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"mozilla-xulrunner192-translations-1.9.2.28-0.13.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"MozillaFirefox-24.5.0esr-0.7.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"MozillaFirefox-branding-SLED-24-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"3\", reference:\"MozillaFirefox-translations-24.5.0esr-0.7.2\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:32", "references": ["https://oss.oracle.com/pipermail/el-errata/2014-April/004092.html", "https://oss.oracle.com/pipermail/el-errata/2014-April/004095.html"], "pluginID": "73794", "description": "From Red Hat Security Advisory 2014:0448 :\n\nAn updated firefox package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Firefox resolved hosts in certain circumstances. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Firefox decoded JPEG images. Loading a web page containing a specially crafted JPEG image could cause Firefox to crash. (CVE-2014-1523)\n\nA flaw was found in the way Firefox handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse Schwartzentrube as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to this updated package, which contains Firefox version 24.5.0 ESR, which corrects these issues.\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "edition": 6, "reporter": "Tenable", "published": "2014-05-01T00:00:00", "title": "Oracle Linux 5 / 6 : firefox (ELSA-2014-0448)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2014-0448.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73794", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0448 and \n# Oracle Linux Security Advisory ELSA-2014-0448 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73794);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2014-1518\", \"CVE-2014-1523\", \"CVE-2014-1524\", \"CVE-2014-1529\", \"CVE-2014-1530\", \"CVE-2014-1531\", \"CVE-2014-1532\");\n script_bugtraq_id(67123, 67129, 67130, 67131, 67134, 67135, 67137);\n script_xref(name:\"RHSA\", value:\"2014:0448\");\n\n script_name(english:\"Oracle Linux 5 / 6 : firefox (ELSA-2014-0448)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0448 :\n\nAn updated firefox package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529,\nCVE-2014-1531)\n\nA use-after-free flaw was found in the way Firefox resolved hosts in\ncertain circumstances. An attacker could use this flaw to crash\nFirefox or, potentially, execute arbitrary code with the privileges of\nthe user running Firefox. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Firefox decoded JPEG\nimages. Loading a web page containing a specially crafted JPEG image\ncould cause Firefox to crash. (CVE-2014-1523)\n\nA flaw was found in the way Firefox handled browser navigations\nthrough history. An attacker could possibly use this flaw to cause the\naddress bar of the browser to display a web page name while loading\ncontent from an entirely different web page, which could allow for\ncross-site scripting (XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph\nDiehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd,\nChristian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils,\nTyson Smith, and Jesse Schwartzentrube as the original reporters of\nthese issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 24.5.0 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to this updated package, which\ncontains Firefox version 24.5.0 ESR, which corrects these issues.\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004095.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-24.5.0-1.0.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-24.5.0-1.0.1.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:37:02", "references": ["http://download.suse.com/patch/finder/?keywords=147e419c487f42538a6cd744c37b1186", "https://bugzilla.novell.com/875803", "https://bugzilla.novell.com/869827", "https://bugzilla.novell.com/865539", "https://bugzilla.novell.com/875378"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "24-0.4.10.14", "arch": "i586", "packageFilename": "MozillaFirefox-branding-SLED-24-0.4.10.14.i586.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.16-0.3.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.16-0.3.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "i586", "packageFilename": "libfreebl3-3.16-0.3.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "24.5.0esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "24.5.0esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.5.0esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nss-3.16-0.3.1.s390x.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.10.4-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.s390x.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nss-32bit-3.16-0.3.1.s390x.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "s390x", "packageFilename": "libfreebl3-32bit-3.16-0.3.1.s390x.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "s390x", "packageFilename": "libfreebl3-3.16-0.3.1.s390x.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.16-0.3.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.16-0.3.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "24-0.4.10.14", "arch": "s390x", "packageFilename": "MozillaFirefox-branding-SLED-24-0.4.10.14.s390x.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nss-devel-3.16-0.3.1.s390x.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.10.4-0.3.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.10.4-0.3.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "24.5.0esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.10.4-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.s390x.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nss-tools-3.16-0.3.1.s390x.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "24.5.0esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-24.5.0esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.16-0.3.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.16-0.3.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.16-0.3.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "24-0.4.10.14", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-SLED-24-0.4.10.14.x86_64.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.16-0.3.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.10.4-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.s390x.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "24.5.0esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "24.5.0esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.5.0esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.16-0.3.1", "arch": "i586", "packageFilename": "mozilla-nss-3.16-0.3.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}], "description": "This MozillaFirefox and mozilla-nss update fixes several security and\n non-security issues.\n\n MozillaFirefox has been updated to version 24.5.0esr which fixes the\n following issues:\n\n * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards\n * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG\n images\n * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object\n as XBL\n * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web\n Notification API\n * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history\n navigations\n * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while\n resizing images\n * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver\n\n Mozilla NSS has been updated to version 3.16\n\n * required for Firefox 29\n * CVE-2014-1492_ In a wildcard certificate, the wildcard character\n should not be embedded within the U-label of an internationalized\n domain name. See the last bullet point in RFC 6125, Section 7.2.\n * Update of root certificates.\n", "edition": 1, "reporter": "Suse", "published": "2014-05-16T02:04:19", "title": "Security update for Mozilla Firefox (important)", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1520", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-05-16T02:04:19", "id": "SUSE-SU-2014:0638-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00005.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:35:06", "references": ["http://download.suse.com/patch/finder/?keywords=6deb2806a7e4f6bdaa0908761932d7dd", "https://bugzilla.novell.com/869827"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libgcc_s1", "packageFilename": "firefox-libgcc_s1-4.7.2_20130108-0.22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.26.2-0.9.2", "packageName": "firefox-pango", "packageFilename": "firefox-pango-1.26.2-0.9.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.28-0.13.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-4.10.4-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.8.0-0.10.2", "packageName": "firefox-cairo", "packageFilename": "firefox-cairo-1.8.0-0.10.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.28.0-0.7.3", "packageName": "firefox-atk", "packageFilename": "firefox-atk-1.28.0-0.7.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.22.5-0.13.3", "packageName": "firefox-glib2", "packageFilename": "firefox-glib2-2.22.5-0.13.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.28.0-0.7.3", "packageName": "firefox-atk", "packageFilename": "firefox-atk-1.28.0-0.7.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.16.0-0.7.1", "packageName": "firefox-pixman", "packageFilename": "firefox-pixman-0.16.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "7.8-0.8.1", "packageName": "firefox-pcre", "packageFilename": "firefox-pcre-7.8-0.8.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libstdc++6", "packageFilename": "firefox-libstdc++6-4.7.2_20130108-0.22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libgcc_s1", "packageFilename": "firefox-libgcc_s1-4.7.2_20130108-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "7.8-0.8.1", "packageName": "firefox-pcre-32bit", "packageFilename": "firefox-pcre-32bit-7.8-0.8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191", "packageFilename": "mozilla-xulrunner191-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.22.5-0.13.3", "packageName": "firefox-glib2", "packageFilename": "firefox-glib2-2.22.5-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.3.7-0.35.1", "packageName": "firefox-freetype2", "packageFilename": "firefox-freetype2-2.3.7-0.35.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2", "packageFilename": "firefox-gtk2-2.18.9-0.9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.16-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-translations-32bit", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.3.7-0.35.1", "packageName": "firefox-freetype2", "packageFilename": "firefox-freetype2-2.3.7-0.35.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "7.8-0.8.1", "packageName": "firefox-pcre", "packageFilename": "firefox-pcre-7.8-0.8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libgcc_s1", "packageFilename": "firefox-libgcc_s1-4.7.2_20130108-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-32bit", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libgcc_s1-32bit", "packageFilename": "firefox-libgcc_s1-32bit-4.7.2_20130108-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-translations", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.19-0.13.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "24.5.0esr-0.7.2", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.7.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.6.0-0.7.1", "packageName": "firefox-fontconfig-32bit", "packageFilename": "firefox-fontconfig-32bit-2.6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.6.0-0.7.1", "packageName": "firefox-fontconfig", "packageFilename": "firefox-fontconfig-2.6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-4.10.4-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191", "packageFilename": "mozilla-xulrunner191-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2-32bit", "packageFilename": "firefox-gtk2-32bit-2.18.9-0.9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.8.0-0.10.2", "packageName": "firefox-cairo-32bit", "packageFilename": "firefox-cairo-32bit-1.8.0-0.10.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-translations-32bit", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "7.8-0.8.1", "packageName": "firefox-pcre-32bit", "packageFilename": "firefox-pcre-32bit-7.8-0.8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.16-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.6.0-0.7.1", "packageName": "firefox-fontconfig", "packageFilename": "firefox-fontconfig-2.6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.16-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "24-0.12.1", "packageName": "MozillaFirefox-branding-SLED", "packageFilename": "MozillaFirefox-branding-SLED-24-0.12.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.16-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr-32bit", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-gnomevfs", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.16.0-0.7.1", "packageName": "firefox-pixman-32bit", "packageFilename": "firefox-pixman-32bit-0.16.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-translations", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.28.0-0.7.3", "packageName": "firefox-atk", "packageFilename": "firefox-atk-1.28.0-0.7.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-gnomevfs", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.19-0.13.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr-32bit", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.16-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-translations", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.26.2-0.9.2", "packageName": "firefox-pango-32bit", "packageFilename": "firefox-pango-32bit-1.26.2-0.9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.3.7-0.35.1", "packageName": "firefox-freetype2", "packageFilename": "firefox-freetype2-2.3.7-0.35.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.28.0-0.7.3", "packageName": "firefox-atk-32bit", "packageFilename": "firefox-atk-32bit-1.28.0-0.7.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.22.5-0.13.3", "packageName": "firefox-glib2", "packageFilename": "firefox-glib2-2.22.5-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-translations-32bit", "packageFilename": "mozilla-xulrunner191-translations-32bit-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-4.10.4-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.16.0-0.7.1", "packageName": "firefox-pixman", "packageFilename": "firefox-pixman-0.16.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libstdc++6-32bit", "packageFilename": "firefox-libstdc++6-32bit-4.7.2_20130108-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.6.0-0.7.1", "packageName": "firefox-fontconfig-32bit", "packageFilename": "firefox-fontconfig-32bit-2.6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.3.7-0.35.1", "packageName": "firefox-freetype2-32bit", "packageFilename": "firefox-freetype2-32bit-2.3.7-0.35.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-4.10.4-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libstdc++6-32bit", "packageFilename": "firefox-libstdc++6-32bit-4.7.2_20130108-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2", "packageFilename": "firefox-gtk2-2.18.9-0.9.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-gnomevfs", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2-lang", "packageFilename": "firefox-gtk2-lang-2.18.9-0.9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2-lang", "packageFilename": "firefox-gtk2-lang-2.18.9-0.9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.16.0-0.7.1", "packageName": "firefox-pixman", "packageFilename": "firefox-pixman-0.16.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.8.0-0.10.2", "packageName": "firefox-cairo-32bit", "packageFilename": "firefox-cairo-32bit-1.8.0-0.10.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.16-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2", "packageFilename": "firefox-gtk2-2.18.9-0.9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.16-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2-32bit", "packageFilename": "firefox-gtk2-32bit-2.18.9-0.9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "24.5.0esr-0.7.2", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-24.5.0esr-0.7.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libgcc_s1-32bit", "packageFilename": "firefox-libgcc_s1-32bit-4.7.2_20130108-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2-lang", "packageFilename": "firefox-gtk2-lang-2.18.9-0.9.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-32bit", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.26.2-0.9.2", "packageName": "firefox-pango", "packageFilename": "firefox-pango-1.26.2-0.9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.8.0-0.10.2", "packageName": "firefox-cairo", "packageFilename": "firefox-cairo-1.8.0-0.10.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.28.0-0.7.3", "packageName": "firefox-atk-32bit", "packageFilename": "firefox-atk-32bit-1.28.0-0.7.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-4.10.4-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.8.0-0.10.2", "packageName": "firefox-cairo", "packageFilename": "firefox-cairo-1.8.0-0.10.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-translations-32bit", "packageFilename": "mozilla-xulrunner191-translations-32bit-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "7.8-0.8.1", "packageName": "firefox-pcre", "packageFilename": "firefox-pcre-7.8-0.8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.16-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.16.0-0.7.1", "packageName": "firefox-pixman-32bit", "packageFilename": "firefox-pixman-32bit-0.16.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.16-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "24.5.0esr-0.7.2", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-24.5.0esr-0.7.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.28-0.13.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.26.2-0.9.2", "packageName": "firefox-pango", "packageFilename": "firefox-pango-1.26.2-0.9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "24-0.12.1", "packageName": "MozillaFirefox-branding-SLED", "packageFilename": "MozillaFirefox-branding-SLED-24-0.12.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libstdc++6", "packageFilename": "firefox-libstdc++6-4.7.2_20130108-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-4.10.4-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libstdc++6", "packageFilename": "firefox-libstdc++6-4.7.2_20130108-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191", "packageFilename": "mozilla-xulrunner191-1.9.1.19-0.13.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "24.5.0esr-0.7.2", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.7.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.28-0.13.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.16-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.22.5-0.13.3", "packageName": "firefox-glib2-32bit", "packageFilename": "firefox-glib2-32bit-2.22.5-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.6.0-0.7.1", "packageName": "firefox-fontconfig", "packageFilename": "firefox-fontconfig-2.6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.26.2-0.9.2", "packageName": "firefox-pango-32bit", "packageFilename": "firefox-pango-32bit-1.26.2-0.9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.22.5-0.13.3", "packageName": "firefox-glib2-32bit", "packageFilename": "firefox-glib2-32bit-2.22.5-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.16-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "2.3.7-0.35.1", "packageName": "firefox-freetype2-32bit", "packageFilename": "firefox-freetype2-32bit-2.3.7-0.35.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "This Mozilla Firefox update provides several security and non-security\n fixes.\n\n MozillaFirefox has been updated to 24.5.0esr, which fixes the following\n issues:\n\n * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards\n * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG\n images\n * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object\n as XBL\n * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web\n Notification API\n * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history\n navigations\n * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while\n resizing images\n * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver\n\n Mozilla NSS has been updated to 3.16\n\n * required for Firefox 29\n * CVE-2014-1492_ In a wildcard certificate, the wildcard character\n should not be embedded within the U-label of an internationalized\n domain name. See the last bullet point in RFC 6125, Section 7.2.\n * Update of root certificates.\n", "edition": 1, "reporter": "Suse", "published": "2014-05-28T22:05:08", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "suse", "title": "Security update for Mozilla Firefox (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-05-28T22:05:08", "id": "SUSE-SU-2014:0727-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:59:55", "references": ["https://bugzilla.novell.com/869827", "http://download.suse.com/patch/finder/?keywords=02d70d3c9e25d9db60e36b3f80b0bc27", "https://bugzilla.novell.com/865539", "https://bugzilla.novell.com/875378"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.10.4-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.s390x.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "24-0.4.10.14", "arch": "s390x", "packageFilename": "MozillaFirefox-branding-SLED-24-0.4.10.14.s390x.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.16-0.3.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "24.5.0esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.5.0esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.16-0.3.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "24-0.4.10.14", "arch": "i586", "packageFilename": "MozillaFirefox-branding-SLED-24-0.4.10.14.i586.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "24-0.4.10.14", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-SLED-24-0.4.10.14.x86_64.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.16-0.3.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.16-0.3.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "i586", "packageFilename": "mozilla-nss-3.16-0.3.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "i586", "packageFilename": "libfreebl3-3.16-0.3.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "24.5.0esr-0.3.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.3.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "s390x", "packageFilename": "libfreebl3-3.16-0.3.1.s390x.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.16-0.3.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nss-32bit-3.16-0.3.1.s390x.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "24.5.0esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.5.0esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "24.5.0esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-24.5.0esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "24.5.0esr-0.3.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.3.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.10.4-0.3.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "s390x", "packageFilename": "libfreebl3-32bit-3.16-0.3.1.s390x.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "24.5.0esr-0.3.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.3.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nss-3.16-0.3.1.s390x.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nss-tools-3.16-0.3.1.s390x.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "3.16-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.16-0.3.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.10.4-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.s390x.rpm", "packageName": "mozilla-nspr", "operator": "lt"}], "description": "This Mozilla Firefox and Mozilla NSS update fixes several security and\n non-security issues.\n\n Mozilla Firefox has been updated to 24.5.0esr which fixes the following\n issues:\n\n * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards\n * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG\n images\n * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object\n as XBL\n * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web\n Notification API\n * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history\n navigations\n * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while\n resizing images\n * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver\n\n Mozilla NSS has been updated to 3.16\n\n * required for Firefox 29\n * CVE-2014-1492_ In a wildcard certificate, the wildcard character\n should not be embedded within the U-label of an internationalized\n domain name. See the last bullet point in RFC 6125, Section 7.2.\n * Update of root certificates.\n", "edition": 1, "reporter": "Suse", "published": "2014-05-16T02:05:07", "title": "Security update for Mozilla Firefox (important)", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-05-16T02:05:07", "id": "SUSE-SU-2014:0665-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:18:32", "references": ["https://bugzilla.novell.com/869827", "http://download.suse.com/patch/finder/?keywords=286e8d629532f85ab01bea1a26438953", "https://bugzilla.novell.com/865539", "https://bugzilla.novell.com/875378"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.28.0-0.7.3", "packageName": "firefox-atk-32bit", "packageFilename": "firefox-atk-32bit-1.28.0-0.7.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.16-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-32bit", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-4.10.4-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.16.0-0.7.1", "packageName": "firefox-pixman", "packageFilename": "firefox-pixman-0.16.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-translations", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2", "packageFilename": "firefox-gtk2-2.18.9-0.9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.6.0-0.7.1", "packageName": "firefox-fontconfig", "packageFilename": "firefox-fontconfig-2.6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191", "packageFilename": "mozilla-xulrunner191-1.9.1.19-0.13.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "24.5.0esr-0.7.2", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.7.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.16-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-translations", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.19-0.13.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2-32bit", "packageFilename": "firefox-gtk2-32bit-2.18.9-0.9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-gnomevfs", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.22.5-0.13.3", "packageName": "firefox-glib2-32bit", "packageFilename": "firefox-glib2-32bit-2.22.5-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.16-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libgcc_s1-32bit", "packageFilename": "firefox-libgcc_s1-32bit-4.7.2_20130108-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libgcc_s1", "packageFilename": "firefox-libgcc_s1-4.7.2_20130108-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.26.2-0.9.2", "packageName": "firefox-pango-32bit", "packageFilename": "firefox-pango-32bit-1.26.2-0.9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libgcc_s1", "packageFilename": "firefox-libgcc_s1-4.7.2_20130108-0.22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "24.5.0esr-0.7.2", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-24.5.0esr-0.7.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "7.8-0.8.1", "packageName": "firefox-pcre-32bit", "packageFilename": "firefox-pcre-32bit-7.8-0.8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.28.0-0.7.3", "packageName": "firefox-atk", "packageFilename": "firefox-atk-1.28.0-0.7.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2-32bit", "packageFilename": "firefox-gtk2-32bit-2.18.9-0.9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-4.10.4-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.26.2-0.9.2", "packageName": "firefox-pango-32bit", "packageFilename": "firefox-pango-32bit-1.26.2-0.9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "24.5.0esr-0.7.2", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.7.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-translations-32bit", "packageFilename": "mozilla-xulrunner191-translations-32bit-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.26.2-0.9.2", "packageName": "firefox-pango", "packageFilename": "firefox-pango-1.26.2-0.9.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-translations", "packageFilename": "mozilla-xulrunner191-translations-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.28-0.13.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-gnomevfs", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2-lang", "packageFilename": "firefox-gtk2-lang-2.18.9-0.9.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "24-0.12.1", "packageName": "MozillaFirefox-branding-SLED", "packageFilename": "MozillaFirefox-branding-SLED-24-0.12.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libstdc++6-32bit", "packageFilename": "firefox-libstdc++6-32bit-4.7.2_20130108-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191", "packageFilename": "mozilla-xulrunner191-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.8.0-0.10.2", "packageName": "firefox-cairo-32bit", "packageFilename": "firefox-cairo-32bit-1.8.0-0.10.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2-lang", "packageFilename": "firefox-gtk2-lang-2.18.9-0.9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "7.8-0.8.1", "packageName": "firefox-pcre", "packageFilename": "firefox-pcre-7.8-0.8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.3.7-0.35.1", "packageName": "firefox-freetype2-32bit", "packageFilename": "firefox-freetype2-32bit-2.3.7-0.35.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-translations-32bit", "packageFilename": "mozilla-xulrunner191-translations-32bit-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.16.0-0.7.1", "packageName": "firefox-pixman", "packageFilename": "firefox-pixman-0.16.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.16-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.16.0-0.7.1", "packageName": "firefox-pixman-32bit", "packageFilename": "firefox-pixman-32bit-0.16.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr-32bit", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.28.0-0.7.3", "packageName": "firefox-atk", "packageFilename": "firefox-atk-1.28.0-0.7.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr-32bit", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.6.0-0.7.1", "packageName": "firefox-fontconfig-32bit", "packageFilename": "firefox-fontconfig-32bit-2.6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libgcc_s1-32bit", "packageFilename": "firefox-libgcc_s1-32bit-4.7.2_20130108-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.3.7-0.35.1", "packageName": "firefox-freetype2", "packageFilename": "firefox-freetype2-2.3.7-0.35.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.26.2-0.9.2", "packageName": "firefox-pango", "packageFilename": "firefox-pango-1.26.2-0.9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.26.2-0.9.2", "packageName": "firefox-pango", "packageFilename": "firefox-pango-1.26.2-0.9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.8.0-0.10.2", "packageName": "firefox-cairo", "packageFilename": "firefox-cairo-1.8.0-0.10.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-4.10.4-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2", "packageFilename": "firefox-gtk2-2.18.9-0.9.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.16-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.6.0-0.7.1", "packageName": "firefox-fontconfig", "packageFilename": "firefox-fontconfig-2.6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2", "packageFilename": "firefox-gtk2-2.18.9-0.9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.3.7-0.35.1", "packageName": "firefox-freetype2-32bit", "packageFilename": "firefox-freetype2-32bit-2.3.7-0.35.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191", "packageFilename": "mozilla-xulrunner191-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.16-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.6.0-0.7.1", "packageName": "firefox-fontconfig", "packageFilename": "firefox-fontconfig-2.6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.16-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.18.9-0.9.2", "packageName": "firefox-gtk2-lang", "packageFilename": "firefox-gtk2-lang-2.18.9-0.9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-translations-32bit", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.6.0-0.7.1", "packageName": "firefox-fontconfig-32bit", "packageFilename": "firefox-fontconfig-32bit-2.6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.16.0-0.7.1", "packageName": "firefox-pixman", "packageFilename": "firefox-pixman-0.16.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "7.8-0.8.1", "packageName": "firefox-pcre", "packageFilename": "firefox-pcre-7.8-0.8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.28.0-0.7.3", "packageName": "firefox-atk-32bit", "packageFilename": "firefox-atk-32bit-1.28.0-0.7.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-4.10.4-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.8.0-0.10.2", "packageName": "firefox-cairo-32bit", "packageFilename": "firefox-cairo-32bit-1.8.0-0.10.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192", "packageFilename": "mozilla-xulrunner192-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libstdc++6-32bit", "packageFilename": "firefox-libstdc++6-32bit-4.7.2_20130108-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-32bit", "packageFilename": "mozilla-xulrunner191-32bit-1.9.1.19-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "7.8-0.8.1", "packageName": "firefox-pcre", "packageFilename": "firefox-pcre-7.8-0.8.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.8.0-0.10.2", "packageName": "firefox-cairo", "packageFilename": "firefox-cairo-1.8.0-0.10.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.22.5-0.13.3", "packageName": "firefox-glib2", "packageFilename": "firefox-glib2-2.22.5-0.13.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.8.0-0.10.2", "packageName": "firefox-cairo", "packageFilename": "firefox-cairo-1.8.0-0.10.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libstdc++6", "packageFilename": "firefox-libstdc++6-4.7.2_20130108-0.22.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-4.10.4-0.5.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.16.0-0.7.1", "packageName": "firefox-pixman-32bit", "packageFilename": "firefox-pixman-32bit-0.16.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-32bit", "packageFilename": "mozilla-xulrunner192-32bit-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-translations-32bit", "packageFilename": "mozilla-xulrunner192-translations-32bit-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libgcc_s1", "packageFilename": "firefox-libgcc_s1-4.7.2_20130108-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.3.7-0.35.1", "packageName": "firefox-freetype2", "packageFilename": "firefox-freetype2-2.3.7-0.35.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.28-0.13.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "7.8-0.8.1", "packageName": "firefox-pcre-32bit", "packageFilename": "firefox-pcre-32bit-7.8-0.8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "24.5.0esr-0.7.2", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-24.5.0esr-0.7.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-translations", "packageFilename": "mozilla-xulrunner192-translations-1.9.2.28-0.13.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.3.7-0.35.1", "packageName": "firefox-freetype2", "packageFilename": "firefox-freetype2-2.3.7-0.35.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libstdc++6", "packageFilename": "firefox-libstdc++6-4.7.2_20130108-0.22.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.22.5-0.13.3", "packageName": "firefox-glib2", "packageFilename": "firefox-glib2-2.22.5-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.16-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.10.4-0.5.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-4.10.4-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.22.5-0.13.3", "packageName": "firefox-glib2-32bit", "packageFilename": "firefox-glib2-32bit-2.22.5-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.28.0-0.7.3", "packageName": "firefox-atk", "packageFilename": "firefox-atk-1.28.0-0.7.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-gnome-32bit", "packageFilename": "mozilla-xulrunner192-gnome-32bit-1.9.2.28-0.13.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.16-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.16-0.5.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-gnomevfs-32bit", "packageFilename": "mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.13.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "4.7.2_20130108-0.22.1", "packageName": "firefox-libstdc++6", "packageFilename": "firefox-libstdc++6-4.7.2_20130108-0.22.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "24-0.12.1", "packageName": "MozillaFirefox-branding-SLED", "packageFilename": "MozillaFirefox-branding-SLED-24-0.12.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.16-0.5.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.16-0.5.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.1.19-0.13.3", "packageName": "mozilla-xulrunner191-gnomevfs", "packageFilename": "mozilla-xulrunner191-gnomevfs-1.9.1.19-0.13.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.9.2.28-0.13.4", "packageName": "mozilla-xulrunner192-gnome", "packageFilename": "mozilla-xulrunner192-gnome-1.9.2.28-0.13.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "2.22.5-0.13.3", "packageName": "firefox-glib2", "packageFilename": "firefox-glib2-2.22.5-0.13.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "This Mozilla Firefox update provides several security and non-security\n fixes.\n\n Mozilla Firefox has been updated to the 24.5.0esr version, which fixes the\n following issues:\n\n * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards\n * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG\n images\n * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object\n as XBL\n * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web\n Notification API\n * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history\n navigations\n * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while\n resizing images\n * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver\n\n Mozilla NSS has been updated to version 3.16\n\n * required for Firefox 29\n * CVE-2014-1492_ In a wildcard certificate, the wildcard character\n should not be embedded within the U-label of an internationalized\n domain name. See the last bullet point in RFC 6125, Section 7.2.\n * Update of root certificates.\n", "edition": 1, "reporter": "Suse", "published": "2014-05-28T21:04:21", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "suse", "title": "Security update for Mozilla Firefox (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-05-28T21:04:21", "id": "SUSE-SU-2014:0665-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00014.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:35:06", "references": ["http://download.suse.com/patch/finder/?keywords=10e2fe4f221c02f421ee93cc33680e53", "https://bugzilla.novell.com/875803", "https://bugzilla.novell.com/869827", "https://bugzilla.novell.com/865539", "https://bugzilla.novell.com/875378"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "ia64", "packageFilename": "MozillaFirefox-devel-24.5.0esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ia64", "packageFilename": "libsoftokn3-3.16-0.8.1.ia64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.16-0.8.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ppc64", "packageFilename": "mozilla-nss-tools-3.16-0.8.1.ppc64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.16-0.8.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.16-0.8.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24-0.7.36", "arch": "s390x", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.36.s390x.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.5.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.16-0.8.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "libsoftokn3-3.16-0.8.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "s390x", "packageFilename": "mozilla-nss-3.16-0.8.1.s390x.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ppc64", "packageFilename": "mozilla-nss-devel-3.16-0.8.1.ppc64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.16-0.8.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24-0.7.36", "arch": "ppc64", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.36.ppc64.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.16-0.8.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ppc64", "packageFilename": "libfreebl3-32bit-3.16-0.8.1.ppc64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "s390x", "packageFilename": "MozillaFirefox-24.5.0esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "ia64", "packageFilename": "MozillaFirefox-24.5.0esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24-0.7.36", "arch": "ia64", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.36.ia64.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.16-0.8.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "libfreebl3-3.16-0.8.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "libsoftokn3-3.16-0.8.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ppc64", "packageFilename": "mozilla-nss-32bit-3.16-0.8.1.ppc64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ia64", "packageFilename": "mozilla-nss-devel-3.16-0.8.1.ia64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.16-0.8.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.s390x.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ia64", "packageFilename": "libfreebl3-3.16-0.8.1.ia64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.16-0.8.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.16-0.8.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "s390x", "packageFilename": "mozilla-nss-tools-3.16-0.8.1.s390x.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.16-0.8.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.5.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ia64", "packageFilename": "mozilla-nspr-x86-4.10.4-0.3.1.ia64.rpm", "packageName": "mozilla-nspr-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.16-0.8.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ia64", "packageFilename": "libfreebl3-x86-3.16-0.8.1.ia64.rpm", "packageName": "libfreebl3-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.16-0.8.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.ppc64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.16-0.8.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.16-0.8.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.s390x.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-24.5.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.16-0.8.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.s390x.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ia64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.ia64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "mozilla-nss-3.16-0.8.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.16-0.8.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.ppc64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.5.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-24.5.0esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.16-0.8.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "s390x", "packageFilename": "libfreebl3-3.16-0.8.1.s390x.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ppc64", "packageFilename": "mozilla-nss-3.16-0.8.1.ppc64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.16-0.8.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "libsoftokn3-3.16-0.8.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "mozilla-nss-3.16-0.8.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ppc64", "packageFilename": "libsoftokn3-32bit-3.16-0.8.1.ppc64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.16-0.8.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24-0.7.36", "arch": "i586", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.36.i586.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24-0.7.36", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.36.x86_64.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.5.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.ppc64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "mozilla-nss-3.16-0.8.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-devel-24.5.0esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ia64", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.ia64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ia64", "packageFilename": "mozilla-nss-tools-3.16-0.8.1.ia64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ppc64", "packageFilename": "libsoftokn3-3.16-0.8.1.ppc64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ia64", "packageFilename": "mozilla-nss-3.16-0.8.1.ia64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.16-0.8.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "s390x", "packageFilename": "MozillaFirefox-devel-24.5.0esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "s390x", "packageFilename": "libsoftokn3-3.16-0.8.1.s390x.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.5.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ppc64", "packageFilename": "libfreebl3-3.16-0.8.1.ppc64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24-0.7.36", "arch": "i586", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.36.i586.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "s390x", "packageFilename": "libsoftokn3-32bit-3.16-0.8.1.s390x.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.16-0.8.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "ia64", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.16-0.8.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "s390x", "packageFilename": "mozilla-nss-devel-3.16-0.8.1.s390x.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "ia64", "packageFilename": "libsoftokn3-x86-3.16-0.8.1.ia64.rpm", "packageName": "libsoftokn3-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "s390x", "packageFilename": "mozilla-nss-32bit-3.16-0.8.1.s390x.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.16-0.8.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-24.5.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24-0.7.36", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.36.x86_64.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.16-0.8.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.16-0.8.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "libfreebl3-3.16-0.8.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "s390x", "packageFilename": "libfreebl3-32bit-3.16-0.8.1.s390x.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-translations-24.5.0esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.16-0.8.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.16-0.8.1", "arch": "i586", "packageFilename": "libfreebl3-3.16-0.8.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.5.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.5.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}], "description": "This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the\n following several security and non-security issues:\n\n * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards\n * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG\n images\n * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object\n as XBL\n * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web\n Notification API\n * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history\n navigations\n * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while\n resizing images\n * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver\n\n Mozilla NSS has been updated to 3.16:\n\n * required for Firefox 29\n * CVE-2014-1492: In a wildcard certificate, the wildcard character\n should not be embedded within the U-label of an internationalized domain\n name. See the last bullet point in RFC 6125, Section 7.2.\n * Update of root certificates.\n", "edition": 1, "reporter": "Suse", "published": "2014-05-14T01:04:17", "title": "Security update for Mozilla Firefox (important)", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1520", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-05-14T01:04:17", "id": "SUSE-SU-2014:0638-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00003.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:58", "references": ["https://bugzilla.novell.com/887746", "https://bugzilla.novell.com/603356", "https://bugzilla.novell.com/750044", "https://bugzilla.novell.com/765204", "https://bugzilla.novell.com/637303", "https://bugzilla.novell.com/861847", "https://bugzilla.novell.com/808243", "https://bugzilla.novell.com/528406", "https://bugzilla.novell.com/664211", "https://bugzilla.novell.com/657016", "https://bugzilla.novell.com/667155", "https://bugzilla.novell.com/771583", "https://bugzilla.novell.com/894201", "https://bugzilla.novell.com/825935", "https://bugzilla.novell.com/642502", "https://bugzilla.novell.com/720264", "https://bugzilla.novell.com/41903", "https://bugzilla.novell.com/104586", "https://bugzilla.novell.com/737533", "https://bugzilla.novell.com/881874", "https://bugzilla.novell.com/503151", "https://bugzilla.novell.com/726758", "https://bugzilla.novell.com/868603", "https://bugzilla.novell.com/593807", "https://bugzilla.novell.com/649492", "https://bugzilla.novell.com/622506", "https://bugzilla.novell.com/576969", "https://bugzilla.novell.com/796895", "https://bugzilla.novell.com/689281", "https://bugzilla.novell.com/354469", "https://bugzilla.novell.com/840485", "https://bugzilla.novell.com/847708", "https://bugzilla.novell.com/701296", "https://bugzilla.novell.com/744275", "https://bugzilla.novell.com/385739", "https://bugzilla.novell.com/790140", "https://bugzilla.novell.com/894370", "https://bugzilla.novell.com/529180", "https://bugzilla.novell.com/417869", "https://bugzilla.novell.com/429179", "https://bugzilla.novell.com/747328", "https://bugzilla.novell.com/712224", "https://bugzilla.novell.com/758408", "https://bugzilla.novell.com/559819", "https://bugzilla.novell.com/441084", "https://bugzilla.novell.com/455804", "https://bugzilla.novell.com/876833", "https://bugzilla.novell.com/804248", "https://bugzilla.novell.com/390992", "https://bugzilla.novell.com/819204", "https://bugzilla.novell.com/733002", "https://bugzilla.novell.com/777588", "https://bugzilla.novell.com/854370", "https://bugzilla.novell.com/484321", "https://bugzilla.novell.com/786522", "https://bugzilla.novell.com/582276", "https://bugzilla.novell.com/527418", "https://bugzilla.novell.com/732898", "https://bugzilla.novell.com/755060", "https://bugzilla.novell.com/714931", "https://bugzilla.novell.com/749440", "https://bugzilla.novell.com/833389", "https://bugzilla.novell.com/783533", "https://bugzilla.novell.com/728520", "https://bugzilla.novell.com/813026", "https://bugzilla.novell.com/439841", "https://bugzilla.novell.com/746616", "https://bugzilla.novell.com/518603", "https://bugzilla.novell.com/542809", "https://bugzilla.novell.com/645315", "https://bugzilla.novell.com/875378", "https://bugzilla.novell.com/586567"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libfreebl3-3.16.4-94.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libsoftokn3-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libsoftokn3-x86-3.16.4-94.1.ia64.rpm", "packageName": "libsoftokn3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-sysinit-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-buildsymbols-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-sysinit-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-sysinit-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libfreebl3-x86-3.16.4-94.1.ia64.rpm", "packageName": "libfreebl3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-certs-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-certs-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libfreebl3-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libfreebl3-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "libfreebl3-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libsoftokn3-3.16.4-94.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-debugsource-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debugsource-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-certs-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-certs-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libsoftokn3-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "libsoftokn3-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "operator": "lt"}], "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit &quot;Entrust.net Secure Server Certification\n Authority&quot; root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the &quot;USERTrust Legacy Secure Server CA&quot;\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "edition": 1, "reporter": "Suse", "published": "2014-09-09T18:04:16", "title": "Firefox update to 31.1esr (important)", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2014-1505", "CVE-2014-1536", "CVE-2011-0061", "CVE-2011-0077", "CVE-2014-1513", "CVE-2012-0478", "CVE-2012-4193", "CVE-2012-0442", "CVE-2013-5601", "CVE-2013-1687", "CVE-2013-5612", "CVE-2013-1692", "CVE-2010-0654", "CVE-2012-1962", "CVE-2013-0743", "CVE-2012-0443", "CVE-2012-5842", "CVE-2012-4212", "CVE-2013-5595", "CVE-2010-0176", "CVE-2014-1530", "CVE-2011-0083", "CVE-2010-1203", "CVE-2013-1737", "CVE-2012-4214", "CVE-2008-1236", "CVE-2013-5611", "CVE-2012-1970", "CVE-2008-3835", "CVE-2013-1709", "CVE-2007-3738", "CVE-2012-3989", "CVE-2013-5616", "CVE-2013-1678", "CVE-2010-2762", "CVE-2012-5830", "CVE-2013-0763", "CVE-2014-1510", "CVE-2011-3026", "CVE-2012-0460", "CVE-2013-5613", "CVE-2012-1973", "CVE-2014-1522", "CVE-2011-3654", "CVE-2014-1567", "CVE-2012-1974", "CVE-2010-2766", "CVE-2012-4195", "CVE-2012-3986", "CVE-2013-0783", "CVE-2007-3734", "CVE-2011-2371", "CVE-2014-1481", "CVE-2013-1670", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2013-1719", "CVE-2012-3968", "CVE-2013-1725", "CVE-2012-3963", "CVE-2014-1539", "CVE-2010-0174", "CVE-2012-0452", "CVE-2013-1735", "CVE-2012-1956", "CVE-2014-1487", "CVE-2012-3978", "CVE-2012-3985", "CVE-2013-0746", "CVE-2012-5829", "CVE-2009-1571", "CVE-2012-1944", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2014-1538", "CVE-2012-4213", "CVE-2013-1685", "CVE-2012-0479", "CVE-2013-5609", "CVE-2007-3737", "CVE-2013-0766", "CVE-2007-3736", "CVE-2012-1940", "CVE-2013-1697", "CVE-2014-1484", "CVE-2014-1525", "CVE-2012-3993", "CVE-2013-5619", "CVE-2012-5837", "CVE-2008-5500", "CVE-2012-5836", "CVE-2014-1509", "CVE-2009-0772", "CVE-2013-0787", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2014-1494", "CVE-2014-1559", "CVE-2013-0747", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2014-1537", "CVE-2013-1694", "CVE-2014-1523", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2013-5615", "CVE-2013-1680", "CVE-2012-3962", "CVE-2012-0459", "CVE-2011-2362", "CVE-2014-1529", "CVE-2013-1724", "CVE-2010-1213", "CVE-2013-5597", "CVE-2012-5843", "CVE-2014-1543", "CVE-2014-1486", "CVE-2011-0085", "CVE-2013-5590", "CVE-2008-5510", "CVE-2011-0080", "CVE-2013-0780", "CVE-2008-5502", "CVE-2010-3765", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2008-1237", "CVE-2013-1720", "CVE-2008-4070", "CVE-2013-0748", "CVE-2012-4183", "CVE-2010-3178", "CVE-2013-1679", "CVE-2007-3285", "CVE-2013-5610", "CVE-2013-0768", "CVE-2011-3661", "CVE-2012-4181", "CVE-2014-1532", "CVE-2013-6671", "CVE-2009-0040", "CVE-2011-3652", "CVE-2013-0755", "CVE-2008-4067", "CVE-2014-1548", "CVE-2011-2364", "CVE-2014-1531", "CVE-2013-0752", "CVE-2012-4186", "CVE-2014-1508", "CVE-2012-1948", "CVE-2008-5012", "CVE-2012-1938", "CVE-2013-0796", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2014-1502", "CVE-2013-1723", "CVE-2013-0782", "CVE-2012-1953", "CVE-2012-1949", "CVE-2014-1542", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3169", "CVE-2012-3970", "CVE-2011-0053", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2010-3768", "CVE-2014-1477", "CVE-2013-0800", "CVE-2010-1212", "CVE-2013-1681", "CVE-2010-1211", "CVE-2010-1121", "CVE-2013-0773", "CVE-2013-0754", "CVE-2010-3167", "CVE-2012-4202", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2014-1540", "CVE-2014-1534", "CVE-2012-1941", "CVE-2013-1738", "CVE-2014-1482", "CVE-2014-1479", "CVE-2008-4066", "CVE-2008-5018", "CVE-2012-3984", "CVE-2014-1504", "CVE-2012-0444", "CVE-2011-3650", "CVE-2014-1511", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2012-4182", "CVE-2008-1233", "CVE-2012-4187", "CVE-2012-3983", "CVE-2011-0062", "CVE-2008-0016", "CVE-2011-3101", "CVE-2010-3168", "CVE-2013-0788", "CVE-2013-1728", "CVE-2014-1545", "CVE-2010-0173", "CVE-2012-0472", "CVE-2013-5592", "CVE-2013-1730", "CVE-2008-4059", "CVE-2010-2764", "CVE-2014-1492", "CVE-2011-0081", "CVE-2009-0771", "CVE-2007-3670", "CVE-2012-1954", "CVE-2009-0774", "CVE-2014-1556", "CVE-2012-0461", "CVE-2011-2376", "CVE-2012-3958", "CVE-2012-0469", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-1512", "CVE-2012-1975", "CVE-2011-0075", "CVE-2013-1690", "CVE-2012-0464", "CVE-2013-0775", "CVE-2012-1967", "CVE-2013-5604", "CVE-2014-1514", "CVE-2010-3166", "CVE-2011-0074", "CVE-2013-0801", "CVE-2012-3956", "CVE-2010-2769", "CVE-2012-3982", "CVE-2009-3555", "CVE-2013-1714", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-5021", "CVE-2008-5017", "CVE-2013-0769", "CVE-2012-3966", "CVE-2013-0771", "CVE-2014-1490", "CVE-2012-5839", "CVE-2013-0757", "CVE-2014-1498", "CVE-2012-1961", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2014-1565", "CVE-2012-3967", "CVE-2013-0749", "CVE-2011-3651", "CVE-2008-4060", "CVE-2007-3656", "CVE-2008-1234", "CVE-2012-1951", "CVE-2012-0475", "CVE-2014-1555", "CVE-2014-1564", "CVE-2012-1952", "CVE-2010-1201", "CVE-2013-0761", "CVE-2013-1669", "CVE-2010-1585", "CVE-2012-3959", "CVE-2012-0455", "CVE-2014-1558", "CVE-2011-0084", "CVE-2012-0759", "CVE-2007-3089", "CVE-2014-1519", "CVE-2013-1701", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2013-1684", "CVE-2008-4058", "CVE-2012-4184", "CVE-2012-0447", "CVE-2014-1547", "CVE-2011-3232", "CVE-2012-4205", "CVE-2014-1480", "CVE-2014-1500", "CVE-2011-0069", "CVE-2013-6630", "CVE-2008-5022", "CVE-2008-5512", "CVE-2014-1497", "CVE-2013-5596", "CVE-2012-3992", "CVE-2008-1235", "CVE-2013-1676", "CVE-2013-0789", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2013-1675", "CVE-2014-1478", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2012-1960", "CVE-2012-0445", "CVE-2012-0462", "CVE-2012-4217", "CVE-2013-1686", "CVE-2013-0745", "CVE-2013-0756", "CVE-2012-4218", "CVE-2013-0760", "CVE-2011-2377", "CVE-2014-1485", "CVE-2014-1493", "CVE-2007-3735", "CVE-2011-3000", "CVE-2010-2765", "CVE-2014-1544", "CVE-2010-2767", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2013-0767", "CVE-2010-3182", "CVE-2009-0776", "CVE-2013-5603", "CVE-2012-1959", "CVE-2011-2363", "CVE-2011-0070", "CVE-2013-1682", "CVE-2012-1947", "CVE-2013-6673", "CVE-2013-1674", "CVE-2013-0762", "CVE-2014-1562", "CVE-2010-3170", "CVE-2011-3005", "CVE-2012-4208", "CVE-2011-3658", "CVE-2014-1541", "CVE-2011-2373", "CVE-2008-5511", "CVE-2011-2992", "CVE-2014-1488", "CVE-2012-1957", "CVE-2012-1958", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2014-1552", "CVE-2010-3183", "CVE-2010-1202", "CVE-2012-0468", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-1549", "CVE-2013-1713", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2008-4061", "CVE-2013-5591", "CVE-2010-1199", "CVE-2012-4204", "CVE-2013-5602", "CVE-2011-2985", "CVE-2012-4192", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2013-0774", "CVE-2008-5024", "CVE-2013-0753", "CVE-2012-5833", "CVE-2014-1557", "CVE-2013-1736", "CVE-2014-1526", "CVE-2013-0776", "CVE-2012-3964", "CVE-2013-5593", "CVE-2014-1550", "CVE-2013-1718", "CVE-2012-5841", "CVE-2014-1533", "CVE-2013-1717", "CVE-2010-2754", "CVE-2008-5507", "CVE-2012-3990", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2008-4065", "CVE-2013-1693", "CVE-2010-2760", "CVE-2013-0750", "CVE-2012-1937", "CVE-2014-1560", "CVE-2012-4215", "CVE-2013-6629", "CVE-2012-0463", "CVE-2013-1677", "CVE-2011-2991", "CVE-2013-0770", "CVE-2013-0793", "CVE-2012-4179", "CVE-2011-3001", "CVE-2014-1483", "CVE-2014-1489", "CVE-2011-3062", "CVE-2012-0477", "CVE-2013-1722", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2013-1710", "CVE-2012-0467", "CVE-2012-0458", "CVE-2013-0758", "CVE-2013-5600", "CVE-2010-2752", "CVE-2014-1499", "CVE-2014-1518", "CVE-2012-0471", "CVE-2012-3961", "CVE-2014-1561", "CVE-2012-3971", "CVE-2013-0764", "CVE-2014-1528", "CVE-2013-5618", "CVE-2011-0072"], "modified": "2014-09-09T18:04:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "id": "OPENSUSE-SU-2014:1100-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-06-12T21:10:11", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.5.0-1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "src", "packageName": "thunderbird", "packageFilename": "thunderbird-24.5.0-1.el5_10.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "i386", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.5.0-1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-24.5.0-1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-24.5.0-1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "i686", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.5.0-1.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "src", "packageName": "thunderbird", "packageFilename": "thunderbird-24.5.0-1.el6_5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.5.0-1.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "i686", "packageName": "thunderbird", "packageFilename": "thunderbird-24.5.0-1.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-24.5.0-1.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "ppc64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.5.0-1.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "ppc64", "packageName": "thunderbird", "packageFilename": "thunderbird-24.5.0-1.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "s390x", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.5.0-1.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "s390x", "packageName": "thunderbird", "packageFilename": "thunderbird-24.5.0-1.el6_5.s390x.rpm", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Thunderbird resolved hosts in\ncertain circumstances. An attacker could use this flaw to crash Thunderbird\nor, potentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Thunderbird decoded JPEG\nimages. Loading an email or a web page containing a specially crafted JPEG\nimage could cause Thunderbird to crash. (CVE-2014-1523)\n\nA flaw was found in the way Thunderbird handled browser navigations through\nhistory. An attacker could possibly use this flaw to cause the address bar\nof the browser to display a web page name while loading content from an\nentirely different web page, which could allow for cross-site scripting\n(XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,\nAbhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse\nSchwartzentrube as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.5.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "reporter": "RedHat", "published": "2014-04-29T04:00:00", "type": "redhat", "title": "(RHSA-2014:0449) Important: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1518", "CVE-2014-1523", "CVE-2014-1524", "CVE-2014-1529", "CVE-2014-1530", "CVE-2014-1531", "CVE-2014-1532"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:36", "id": "RHSA-2014:0449", "href": "https://access.redhat.com/errata/RHSA-2014:0449", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-06T18:04:58", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "i386", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el5_10.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "ia64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el5_10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.5.0-1.el5_10", "arch": "ia64", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el5_10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "i686", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el6_5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el6_5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "ppc64", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el6_5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el6_5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.5.0-1.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.5.0-1.el6_5", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el6_5.s390.rpm", "operator": "lt"}], "description": "Mozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Firefox resolved hosts in\ncertain circumstances. An attacker could use this flaw to crash Firefox or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Firefox decoded JPEG\nimages. Loading a web page containing a specially crafted JPEG image could\ncause Firefox to crash. (CVE-2014-1523)\n\nA flaw was found in the way Firefox handled browser navigations through\nhistory. An attacker could possibly use this flaw to cause the address bar\nof the browser to display a web page name while loading content from an\nentirely different web page, which could allow for cross-site scripting\n(XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,\nAbhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse\nSchwartzentrube as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to this updated package, which contains\nFirefox version 24.5.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "reporter": "RedHat", "published": "2014-04-29T04:00:00", "type": "redhat", "title": "(RHSA-2014:0448) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1518", "CVE-2014-1523", "CVE-2014-1524", "CVE-2014-1529", "CVE-2014-1530", "CVE-2014-1531", "CVE-2014-1532"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:25", "id": "RHSA-2014:0448", "href": "https://access.redhat.com/errata/RHSA-2014:0448", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:06", "references": ["https://rhn.redhat.com/errata/RHSA-2014-0449.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.5.0-1.el6.centos", "packageFilename": "thunderbird-24.5.0-1.el6.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.5.0-1.el5.centos", "packageFilename": "thunderbird-24.5.0-1.el5.centos.x86_64.rpm", "packageName": "thunderbird", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.5.0-1.el5.centos", "packageFilename": "thunderbird-24.5.0-1.el5.centos.i386.rpm", "packageName": "thunderbird", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.5.0-1.el5.centos", "packageFilename": "thunderbird-24.5.0-1.el5.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.5.0-1.el6.centos", "packageFilename": "thunderbird-24.5.0-1.el6.centos.x86_64.rpm", "packageName": "thunderbird", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.5.0-1.el6.centos", "packageFilename": "thunderbird-24.5.0-1.el6.centos.i686.rpm", "packageName": "thunderbird", "arch": "i686", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:0449\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Thunderbird resolved hosts in\ncertain circumstances. An attacker could use this flaw to crash Thunderbird\nor, potentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Thunderbird decoded JPEG\nimages. Loading an email or a web page containing a specially crafted JPEG\nimage could cause Thunderbird to crash. (CVE-2014-1523)\n\nA flaw was found in the way Thunderbird handled browser navigations through\nhistory. An attacker could possibly use this flaw to cause the address bar\nof the browser to display a web page name while loading content from an\nentirely different web page, which could allow for cross-site scripting\n(XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,\nAbhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse\nSchwartzentrube as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.5.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.5.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-April/020272.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-April/020276.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0449.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-04-30T12:17:04", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "thunderbird security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-04-30T13:38:23", "href": "http://lists.centos.org/pipermail/centos-announce/2014-April/020272.html", "id": "CESA-2014:0449", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:49", "references": ["https://rhn.redhat.com/errata/RHSA-2014-0448.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.5.0-1.el6.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el6.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.5.0-1.el5.centos", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el5.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.5.0-1.el6.centos", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el6.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.5.0-1.el6.centos", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el6.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.5.0-1.el5.centos", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el5.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.5.0-1.el5.centos", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el5.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.5.0-1.el6.centos", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el6.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.5.0-1.el5.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-24.5.0-1.el5.centos.src.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:0448\n\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)\n\nA use-after-free flaw was found in the way Firefox resolved hosts in\ncertain circumstances. An attacker could use this flaw to crash Firefox or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1532)\n\nAn out-of-bounds read flaw was found in the way Firefox decoded JPEG\nimages. Loading a web page containing a specially crafted JPEG image could\ncause Firefox to crash. (CVE-2014-1523)\n\nA flaw was found in the way Firefox handled browser navigations through\nhistory. An attacker could possibly use this flaw to cause the address bar\nof the browser to display a web page name while loading content from an\nentirely different web page, which could allow for cross-site scripting\n(XSS) attacks. (CVE-2014-1530)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary\nKwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,\nAbhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse\nSchwartzentrube as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to this updated package, which contains\nFirefox version 24.5.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-April/020273.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-April/020274.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0448.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-04-30T12:17:25", "title": "firefox security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-04-30T12:24:31", "href": "http://lists.centos.org/pipermail/centos-announce/2014-April/020273.html", "id": "CESA-2014:0448", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:02", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.5.0-1.0.1.el5_10", "arch": "src", "packageFilename": "firefox-24.5.0-1.0.1.el5_10.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.5.0-1.0.1.el5_10", "arch": "src", "packageFilename": "firefox-24.5.0-1.0.1.el5_10.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.5.0-1.0.1.el5_10", "arch": "src", "packageFilename": "firefox-24.5.0-1.0.1.el5_10.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.5.0-1.0.1.el6_5", "arch": "i686", "packageFilename": "firefox-24.5.0-1.0.1.el6_5.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.5.0-1.0.1.el6_5", "arch": "i686", "packageFilename": "firefox-24.5.0-1.0.1.el6_5.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.5.0-1.0.1.el6_5", "arch": "src", "packageFilename": "firefox-24.5.0-1.0.1.el6_5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.5.0-1.0.1.el6_5", "arch": "src", "packageFilename": "firefox-24.5.0-1.0.1.el6_5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.5.0-1.0.1.el6_5", "arch": "x86_64", "packageFilename": "firefox-24.5.0-1.0.1.el6_5.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.5.0-1.0.1.el5_10", "arch": "x86_64", "packageFilename": "firefox-24.5.0-1.0.1.el5_10.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.5.0-1.0.1.el5_10", "arch": "i386", "packageFilename": "firefox-24.5.0-1.0.1.el5_10.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.5.0-1.0.1.el5_10", "arch": "i386", "packageFilename": "firefox-24.5.0-1.0.1.el5_10.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.5.0-1.0.1.el5_10", "arch": "ia64", "packageFilename": "firefox-24.5.0-1.0.1.el5_10.ia64.rpm", "packageName": "firefox", "operator": "lt"}], "description": "[24.5.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n- Build with nspr-devel >= 4.10.0 to fix build failure\n[24.5.0-1]\n- Update to 24.5.0 ESR\n[24.4.0-3]\n- Added a workaround for Bug 1054242 - RHEVM: Extremely high memory\n usage in Firefox 24 ESR on RHEL 6.5\n[24.4.0-2]\n- fixed rhbz#1067343 - Broken languagepack configuration\n after firefox update", "edition": 3, "reporter": "Oracle", "published": "2014-04-30T00:00:00", "title": "firefox security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-04-30T00:00:00", "id": "ELSA-2014-0448", "href": "http://linux.oracle.com/errata/ELSA-2014-0448.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:42:24", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.5.0-1.0.1.el6_5", "arch": "x86_64", "packageFilename": "thunderbird-24.5.0-1.0.1.el6_5.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.5.0-1.0.1.el6_5", "arch": "i686", "packageFilename": "thunderbird-24.5.0-1.0.1.el6_5.i686.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.5.0-1.0.1.el6_5", "arch": "src", "packageFilename": "thunderbird-24.5.0-1.0.1.el6_5.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.5.0-1.0.1.el6_5", "arch": "src", "packageFilename": "thunderbird-24.5.0-1.0.1.el6_5.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.5.0-1.0.1.el5_10", "arch": "src", "packageFilename": "thunderbird-24.5.0-1.0.1.el5_10.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.5.0-1.0.1.el5_10", "arch": "src", "packageFilename": "thunderbird-24.5.0-1.0.1.el5_10.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.5.0-1.0.1.el5_10", "arch": "x86_64", "packageFilename": "thunderbird-24.5.0-1.0.1.el5_10.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.5.0-1.0.1.el5_10", "arch": "i386", "packageFilename": "thunderbird-24.5.0-1.0.1.el5_10.i386.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "[24.5.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[24.5.0-1]\n- Update to 24.5.0", "edition": 3, "reporter": "Oracle", "published": "2014-04-30T00:00:00", "title": "thunderbird security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1524", "CVE-2014-1518"], "modified": "2014-04-30T00:00:00", "id": "ELSA-2014-0449", "href": "http://linux.oracle.com/errata/ELSA-2014-0449.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-04-18T15:54:34", "references": ["http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html", "http://www.securitytracker.com/id/1030163", "http://www.ubuntu.com/usn/USN-2189-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html", "http://www.ubuntu.com/usn/USN-2185-1", "http://www.debian.org/security/2014/dsa-2924", "https://bugzilla.mozilla.org/show_bug.cgi?id=966006", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2014-0448.html", "http://www.securitytracker.com/id/1030165", "http://rhn.redhat.com/errata/RHSA-2014-0449.html", "http://www.securityfocus.com/bid/67130", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html", "http://www.mozilla.org/security/announce/2014/mfsa2014-46.html", "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html", "https://security.gentoo.org/glsa/201504-01", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html", "http://www.debian.org/security/2014/dsa-2918", "http://www.securitytracker.com/id/1030164", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"], "edition": 2, "description": "Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.", "reporter": "NVD", "published": "2014-04-30T06:49:05", "title": "CVE-2014-1532", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-1532"], "scanner": [], "modified": "2017-01-06T21:59:37", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:2.19:beta1", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:seamonkey:2.1:beta2", "cpe:/a:mozilla:firefox:4.0:beta7", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:17.0.10", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.17", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:17.0.6", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.9:beta3", "cpe:/a:mozilla:seamonkey:2.1:alpha3", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:4.0:beta10", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:seamonkey:2.20:beta3", "cpe:/a:mozilla:seamonkey:2.4:beta1", "cpe:/a:mozilla:thunderbird:3.1.16", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:18.0", "cpe:/a:mozilla:seamonkey:2.25:beta2", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:seamonkey:2.12:beta5", "cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:seamonkey:2.14:beta1", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:17.0.11", "cpe:/a:mozilla:firefox:16.0.2", "cpe:/a:mozilla:seamonkey:2.11:beta1", "cpe:/a:mozilla:seamonkey:2.18:beta2", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:2.13:beta4", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:2.1:alpha1", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:thunderbird:17.0.8", "cpe:/a:mozilla:seamonkey:2.17:beta4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:2.12:beta1", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.14:beta5", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.15:beta3", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:10.0.4", "cpe:/a:mozilla:seamonkey:2.15.2", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:seamonkey:2.1:beta3", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:seamonkey:2.25:beta1", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:seamonkey:2.11:beta3", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:seamonkey:2.7:beta2", "cpe:/a:mozilla:seamonkey:2.13.2", "cpe:/a:mozilla:seamonkey:2.22:beta2", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:4.0:beta6", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:seamonkey:2.7:beta4", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:seamonkey:2.23:beta2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:seamonkey:2.15:beta5", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:2.13.1", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:25.0", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:14.0.1", "cpe:/a:mozilla:seamonkey:2.26:rc1", "cpe:/a:mozilla:seamonkey:2.3:beta2", "cpe:/a:mozilla:seamonkey:2.5:beta4", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:17.0.7", "cpe:/a:mozilla:seamonkey:2.7:beta5", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:seamonkey:2.13:beta1", "cpe:/a:mozilla:seamonkey:2.11:beta2", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:firefox:10.0.7", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:seamonkey:2.12:beta3", "cpe:/a:mozilla:seamonkey:2.15:beta2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:24.1.1", "cpe:/a:mozilla:seamonkey:2.1:rc2", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:14.0", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:seamonkey:2.23", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox:17.0.5", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:4.0:beta12", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:seamonkey:2.9:beta2", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:seamonkey:2.6:beta3", "cpe:/a:mozilla:firefox:4.0:beta4", "cpe:/a:mozilla:thunderbird:15.0.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:seamonkey:2.12", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.2:beta1", "cpe:/a:mozilla:firefox:4.0:beta8", "cpe:/a:mozilla:seamonkey:2.18:beta1", "cpe:/a:mozilla:seamonkey:2.20:beta1", "cpe:/a:mozilla:seamonkey:2.8:beta2", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:seamonkey:2.13:beta2", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:2.16:beta1", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:firefox:27.0", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:10.0.5", "cpe:/a:mozilla:firefox:17.0.2", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:seamonkey:2.17:beta1", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:seamonkey:2.16", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:3.6.26", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:firefox:3.0.18", "cpe:/a:mozilla:seamonkey:2.3:beta3", "cpe:/a:mozilla:seamonkey:2.15", "cpe:/a:mozilla:seamonkey:2.11:beta6", "cpe:/a:mozilla:seamonkey:2.2:beta2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:seamonkey:2.9:beta1", "cpe:/a:mozilla:seamonkey:2.1:alpha2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:seamonkey:2.5:beta1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:17.0.7", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:2.11:beta5", "cpe:/a:mozilla:firefox:17.0.9", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:3.0.19", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.16:beta3", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.24:beta1", "cpe:/a:mozilla:thunderbird:3.1.14", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:seamonkey:2.21:beta1", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:seamonkey:2.11:beta4", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.14:beta4", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:seamonkey:2.12.1", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:2.2:beta3", "cpe:/a:mozilla:firefox:15.0", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:seamonkey:2.16:beta5", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:thunderbird:11.0.1", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:firefox:17.0.8", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:seamonkey:2.15:beta1", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:4.0:beta5", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:thunderbird:16.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:seamonkey:2.5:beta2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:10.0.3", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:seamonkey:2.25:-", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:13.0", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:2.1:beta1", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:4.0:beta2", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:seamonkey:2.10.1", "cpe:/a:mozilla:firefox:17.0.3", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:2.4:beta2", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:firefox:3.6.28", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.12:beta2", "cpe:/a:mozilla:seamonkey:2.13", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:2.10", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:2.22.1", "cpe:/a:mozilla:seamonkey:2.23:beta1", "cpe:/a:mozilla:thunderbird:3.1.12", "cpe:/a:mozilla:seamonkey:2.8:beta3", "cpe:/a:mozilla:firefox:3.6.25", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:firefox:4.0:beta11", "cpe:/a:mozilla:seamonkey:2.13:beta6", "cpe:/a:mozilla:thunderbird:3.1.17", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:seamonkey:2.15.1", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:seamonkey:2.22", "cpe:/a:mozilla:seamonkey:2.8:beta6", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.17:beta2", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:10.0.10", "cpe:/a:mozilla:firefox:4.0:beta3", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:10.0.9", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:15.0.1", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:2.16:beta4", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:13.0", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:seamonkey:2.10:beta2", "cpe:/a:mozilla:seamonkey:2.16.2", "cpe:/a:mozilla:seamonkey:2.3:beta1", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:firefox:28.0", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:firefox:18.0.1", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:thunderbird:16.0", "cpe:/a:mozilla:seamonkey:2.8:beta5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:2.19", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:3.1.13", "cpe:/a:mozilla:firefox:18.0.2", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:seamonkey:2.9:beta4", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.15:beta6", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:firefox:24.0", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:firefox:27.0.1", "cpe:/a:mozilla:seamonkey:2.14", "cpe:/a:mozilla:firefox:25.0.1", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:16.0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:seamonkey:2.8:beta4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:seamonkey:2.13:beta3", "cpe:/a:mozilla:firefox:10.0.6", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:seamonkey:2.14:beta2", "cpe:/a:mozilla:seamonkey:2.17.1", "cpe:/a:mozilla:firefox:24.1", "cpe:/a:mozilla:thunderbird:16.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:seamonkey:2.24", "cpe:/a:mozilla:seamonkey:2.8:beta1", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:seamonkey:2.9.1", "cpe:/a:mozilla:seamonkey:2.5:beta3", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.12:beta6", "cpe:/a:mozilla:firefox:16.0", "cpe:/a:mozilla:firefox:17.0.4", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:2.15:beta4", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:14.0", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:seamonkey:2.13:beta5", "cpe:/a:mozilla:firefox:4.0:beta9", "cpe:/a:mozilla:seamonkey:2.20", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:seamonkey:2.22:beta1", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:firefox:3.6.27", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:10.0.12", "cpe:/a:mozilla:seamonkey:2.25:beta3", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.14:beta3", "cpe:/a:mozilla:thunderbird:3.1.15", "cpe:/a:mozilla:seamonkey:2.18:beta3", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:15.0", "cpe:/a:mozilla:seamonkey:2.6:beta2", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:10.0.11", "cpe:/a:mozilla:seamonkey:2.12:beta4", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:thunderbird:12.0.1", "cpe:/a:mozilla:seamonkey:2.4:beta3", "cpe:/a:mozilla:firefox:26.0", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:seamonkey:2.7:beta1", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:13.0.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:seamonkey:2.17:beta3", "cpe:/a:mozilla:seamonkey:2.1:rc1", "cpe:/a:mozilla:seamonkey:2.6:beta1", "cpe:/a:mozilla:seamonkey:2.10:beta3", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:seamonkey:2.21:beta2", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:seamonkey:2.18:beta4", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:seamonkey:2.20:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.11", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:2.6:beta4", "cpe:/a:mozilla:seamonkey:2.16.1", "cpe:/a:mozilla:firefox:10.0.8", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:seamonkey:2.21", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:12.0:beta6", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:seamonkey:2.10:beta1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox_esr:24.1.1", "cpe:/a:mozilla:seamonkey:2.7:beta3", "cpe:/a:mozilla:seamonkey:2.19:beta2", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:2.16:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:firefox:4.0:beta1", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:firefox:21.0", "cpe:/a:mozilla:thunderbird:13.0.1"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1532", "id": "CVE-2014-1532", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:54:34", "references": ["http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html", "http://www.securitytracker.com/id/1030163", "http://www.ubuntu.com/usn/USN-2189-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html", "http://www.ubuntu.com/usn/USN-2185-1", "http://www.debian.org/security/2014/dsa-2924", "https://bugzilla.mozilla.org/show_bug.cgi?id=989183", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html", "http://www.mozilla.org/security/announce/2014/mfsa2014-38.html", "http://rhn.redhat.com/errata/RHSA-2014-0448.html", "http://www.securitytracker.com/id/1030165", "http://rhn.redhat.com/errata/RHSA-2014-0449.html", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html", "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html", "https://security.gentoo.org/glsa/201504-01", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html", "http://www.securityfocus.com/bid/67131", "http://www.debian.org/security/2014/dsa-2918", "http://www.securitytracker.com/id/1030164", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"], "edition": 2, "description": "The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.", "reporter": "NVD", "published": "2014-04-30T06:49:04", "title": "CVE-2014-1524", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-1524"], "scanner": [], "modified": "2017-01-06T21:59:37", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:2.19:beta1", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:seamonkey:2.1:beta2", "cpe:/a:mozilla:firefox:4.0:beta7", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:17.0.10", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.17", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:17.0.6", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.9:beta3", "cpe:/a:mozilla:seamonkey:2.1:alpha3", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:4.0:beta10", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:seamonkey:2.20:beta3", "cpe:/a:mozilla:seamonkey:2.4:beta1", "cpe:/a:mozilla:thunderbird:3.1.16", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:18.0", "cpe:/a:mozilla:seamonkey:2.25:beta2", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:seamonkey:2.12:beta5", "cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:seamonkey:2.14:beta1", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:17.0.11", "cpe:/a:mozilla:firefox:16.0.2", "cpe:/a:mozilla:seamonkey:2.11:beta1", "cpe:/a:mozilla:seamonkey:2.18:beta2", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:2.13:beta4", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:2.1:alpha1", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:thunderbird:17.0.8", "cpe:/a:mozilla:seamonkey:2.17:beta4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:2.12:beta1", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.14:beta5", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.15:beta3", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:10.0.4", "cpe:/a:mozilla:seamonkey:2.15.2", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:seamonkey:2.1:beta3", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:seamonkey:2.25:beta1", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:seamonkey:2.11:beta3", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:seamonkey:2.7:beta2", "cpe:/a:mozilla:seamonkey:2.13.2", "cpe:/a:mozilla:seamonkey:2.22:beta2", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:4.0:beta6", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:seamonkey:2.7:beta4", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:seamonkey:2.23:beta2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:seamonkey:2.15:beta5", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:2.13.1", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:25.0", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:14.0.1", "cpe:/a:mozilla:seamonkey:2.26:rc1", "cpe:/a:mozilla:seamonkey:2.3:beta2", "cpe:/a:mozilla:seamonkey:2.5:beta4", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:17.0.7", "cpe:/a:mozilla:seamonkey:2.7:beta5", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:seamonkey:2.13:beta1", "cpe:/a:mozilla:seamonkey:2.11:beta2", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:firefox:10.0.7", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:seamonkey:2.12:beta3", "cpe:/a:mozilla:seamonkey:2.15:beta2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:24.1.1", "cpe:/a:mozilla:seamonkey:2.1:rc2", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:14.0", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:seamonkey:2.23", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox:17.0.5", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:4.0:beta12", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:seamonkey:2.9:beta2", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:seamonkey:2.6:beta3", "cpe:/a:mozilla:firefox:4.0:beta4", "cpe:/a:mozilla:thunderbird:15.0.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:seamonkey:2.12", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.2:beta1", "cpe:/a:mozilla:firefox:4.0:beta8", "cpe:/a:mozilla:seamonkey:2.18:beta1", "cpe:/a:mozilla:seamonkey:2.20:beta1", "cpe:/a:mozilla:seamonkey:2.8:beta2", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:seamonkey:2.13:beta2", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:2.16:beta1", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:firefox:27.0", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:10.0.5", "cpe:/a:mozilla:firefox:17.0.2", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:seamonkey:2.17:beta1", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:seamonkey:2.16", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:3.6.26", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:firefox:3.0.18", "cpe:/a:mozilla:seamonkey:2.3:beta3", "cpe:/a:mozilla:seamonkey:2.15", "cpe:/a:mozilla:seamonkey:2.11:beta6", "cpe:/a:mozilla:seamonkey:2.2:beta2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:seamonkey:2.9:beta1", "cpe:/a:mozilla:seamonkey:2.1:alpha2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:seamonkey:2.5:beta1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:17.0.7", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:2.11:beta5", "cpe:/a:mozilla:firefox:17.0.9", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:3.0.19", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.16:beta3", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.24:beta1", "cpe:/a:mozilla:thunderbird:3.1.14", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:seamonkey:2.21:beta1", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:seamonkey:2.11:beta4", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.14:beta4", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:seamonkey:2.12.1", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:2.2:beta3", "cpe:/a:mozilla:firefox:15.0", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:seamonkey:2.16:beta5", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:thunderbird:11.0.1", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:firefox:17.0.8", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:seamonkey:2.15:beta1", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:4.0:beta5", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:thunderbird:16.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:seamonkey:2.5:beta2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:10.0.3", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:seamonkey:2.25:-", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:13.0", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:2.1:beta1", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:4.0:beta2", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:seamonkey:2.10.1", "cpe:/a:mozilla:firefox:17.0.3", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:2.4:beta2", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:firefox:3.6.28", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.12:beta2", "cpe:/a:mozilla:seamonkey:2.13", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:2.10", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:2.22.1", "cpe:/a:mozilla:seamonkey:2.23:beta1", "cpe:/a:mozilla:thunderbird:3.1.12", "cpe:/a:mozilla:seamonkey:2.8:beta3", "cpe:/a:mozilla:firefox:3.6.25", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:firefox:4.0:beta11", "cpe:/a:mozilla:seamonkey:2.13:beta6", "cpe:/a:mozilla:thunderbird:3.1.17", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:seamonkey:2.15.1", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:seamonkey:2.22", "cpe:/a:mozilla:seamonkey:2.8:beta6", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.17:beta2", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:10.0.10", "cpe:/a:mozilla:firefox:4.0:beta3", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:10.0.9", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:15.0.1", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:2.16:beta4", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:13.0", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:seamonkey:2.10:beta2", "cpe:/a:mozilla:seamonkey:2.16.2", "cpe:/a:mozilla:seamonkey:2.3:beta1", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:firefox:28.0", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:firefox:18.0.1", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:thunderbird:16.0", "cpe:/a:mozilla:seamonkey:2.8:beta5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:2.19", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:3.1.13", "cpe:/a:mozilla:firefox:18.0.2", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:seamonkey:2.9:beta4", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.15:beta6", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:firefox:24.0", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:firefox:27.0.1", "cpe:/a:mozilla:seamonkey:2.14", "cpe:/a:mozilla:firefox:25.0.1", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:16.0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:seamonkey:2.8:beta4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:seamonkey:2.13:beta3", "cpe:/a:mozilla:firefox:10.0.6", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:seamonkey:2.14:beta2", "cpe:/a:mozilla:seamonkey:2.17.1", "cpe:/a:mozilla:firefox:24.1", "cpe:/a:mozilla:thunderbird:16.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:seamonkey:2.24", "cpe:/a:mozilla:seamonkey:2.8:beta1", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:seamonkey:2.9.1", "cpe:/a:mozilla:seamonkey:2.5:beta3", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.12:beta6", "cpe:/a:mozilla:firefox:16.0", "cpe:/a:mozilla:firefox:17.0.4", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:2.15:beta4", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:14.0", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:seamonkey:2.13:beta5", "cpe:/a:mozilla:firefox:4.0:beta9", "cpe:/a:mozilla:seamonkey:2.20", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:seamonkey:2.22:beta1", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:firefox:3.6.27", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:10.0.12", "cpe:/a:mozilla:seamonkey:2.25:beta3", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.14:beta3", "cpe:/a:mozilla:thunderbird:3.1.15", "cpe:/a:mozilla:seamonkey:2.18:beta3", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:15.0", "cpe:/a:mozilla:seamonkey:2.6:beta2", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:10.0.11", "cpe:/a:mozilla:seamonkey:2.12:beta4", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:thunderbird:12.0.1", "cpe:/a:mozilla:seamonkey:2.4:beta3", "cpe:/a:mozilla:firefox:26.0", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:seamonkey:2.7:beta1", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:13.0.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:seamonkey:2.17:beta3", "cpe:/a:mozilla:seamonkey:2.1:rc1", "cpe:/a:mozilla:seamonkey:2.6:beta1", "cpe:/a:mozilla:seamonkey:2.10:beta3", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:seamonkey:2.21:beta2", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:seamonkey:2.18:beta4", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:seamonkey:2.20:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.11", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:2.6:beta4", "cpe:/a:mozilla:seamonkey:2.16.1", "cpe:/a:mozilla:firefox:10.0.8", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:seamonkey:2.21", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:12.0:beta6", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:seamonkey:2.10:beta1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox_esr:24.1.1", "cpe:/a:mozilla:seamonkey:2.7:beta3", "cpe:/a:mozilla:seamonkey:2.19:beta2", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:2.16:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:firefox:4.0:beta1", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:firefox:21.0", "cpe:/a:mozilla:thunderbird:13.0.1"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1524", "id": "CVE-2014-1524", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:54:34", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=992968", "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=944353", "https://bugzilla.mozilla.org/show_bug.cgi?id=986843", "http://www.securitytracker.com/id/1030163", "http://www.ubuntu.com/usn/USN-2189-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html", "http://www.ubuntu.com/usn/USN-2185-1", "https://bugzilla.mozilla.org/show_bug.cgi?id=980537", "https://bugzilla.mozilla.org/show_bug.cgi?id=993546", "http://www.debian.org/security/2014/dsa-2924", "https://bugzilla.mozilla.org/show_bug.cgi?id=986678", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=952022", "http://rhn.redhat.com/errata/RHSA-2014-0448.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=991471", "http://rhn.redhat.com/errata/RHSA-2014-0449.html", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html", "http://www.mozilla.org/security/announce/2014/mfsa2014-34.html", "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html", "https://security.gentoo.org/glsa/201504-01", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html", "http://www.debian.org/security/2014/dsa-2918", "https://bugzilla.mozilla.org/show_bug.cgi?id=966630", "http://www.securitytracker.com/id/1030164", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html", "http://www.securityfocus.com/bid/67123"], "edition": 2, "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "reporter": "NVD", "published": "2014-04-30T06:49:04", "title": "CVE-2014-1518", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-1518"], "scanner": [], "modified": "2017-01-06T21:59:37", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:2.19:beta1", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:seamonkey:2.1:beta2", "cpe:/a:mozilla:firefox:4.0:beta7", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:17.0.10", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.17", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:17.0.6", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.9:beta3", "cpe:/a:mozilla:seamonkey:2.1:alpha3", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:4.0:beta10", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:seamonkey:2.20:beta3", "cpe:/a:mozilla:seamonkey:2.4:beta1", "cpe:/a:mozilla:thunderbird:3.1.16", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:18.0", "cpe:/a:mozilla:seamonkey:2.25:beta2", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:seamonkey:2.12:beta5", "cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:seamonkey:2.14:beta1", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:17.0.11", "cpe:/a:mozilla:firefox:16.0.2", "cpe:/a:mozilla:seamonkey:2.11:beta1", "cpe:/a:mozilla:seamonkey:2.18:beta2", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:2.13:beta4", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:2.1:alpha1", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:thunderbird:17.0.8", "cpe:/a:mozilla:seamonkey:2.17:beta4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:2.12:beta1", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.14:beta5", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.15:beta3", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:10.0.4", "cpe:/a:mozilla:seamonkey:2.15.2", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:seamonkey:2.1:beta3", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:seamonkey:2.25:beta1", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:seamonkey:2.11:beta3", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:seamonkey:2.7:beta2", "cpe:/a:mozilla:seamonkey:2.13.2", "cpe:/a:mozilla:seamonkey:2.22:beta2", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:4.0:beta6", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:seamonkey:2.7:beta4", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:seamonkey:2.23:beta2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:seamonkey:2.15:beta5", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:2.13.1", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:25.0", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:14.0.1", "cpe:/a:mozilla:seamonkey:2.26:rc1", "cpe:/a:mozilla:seamonkey:2.3:beta2", "cpe:/a:mozilla:seamonkey:2.5:beta4", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:17.0.7", "cpe:/a:mozilla:seamonkey:2.7:beta5", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:seamonkey:2.13:beta1", "cpe:/a:mozilla:seamonkey:2.11:beta2", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:firefox:10.0.7", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:seamonkey:2.12:beta3", "cpe:/a:mozilla:seamonkey:2.15:beta2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:24.1.1", "cpe:/a:mozilla:seamonkey:2.1:rc2", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:14.0", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:seamonkey:2.23", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox:17.0.5", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:4.0:beta12", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:seamonkey:2.9:beta2", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:seamonkey:2.6:beta3", "cpe:/a:mozilla:firefox:4.0:beta4", "cpe:/a:mozilla:thunderbird:15.0.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:seamonkey:2.12", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.2:beta1", "cpe:/a:mozilla:firefox:4.0:beta8", "cpe:/a:mozilla:seamonkey:2.18:beta1", "cpe:/a:mozilla:seamonkey:2.20:beta1", "cpe:/a:mozilla:seamonkey:2.8:beta2", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:seamonkey:2.13:beta2", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:2.16:beta1", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:firefox:27.0", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:10.0.5", "cpe:/a:mozilla:firefox:17.0.2", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:seamonkey:2.17:beta1", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:seamonkey:2.16", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:3.6.26", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:firefox:3.0.18", "cpe:/a:mozilla:seamonkey:2.3:beta3", "cpe:/a:mozilla:seamonkey:2.15", "cpe:/a:mozilla:seamonkey:2.11:beta6", "cpe:/a:mozilla:seamonkey:2.2:beta2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:seamonkey:2.9:beta1", "cpe:/a:mozilla:seamonkey:2.1:alpha2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:seamonkey:2.5:beta1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:17.0.7", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:2.11:beta5", "cpe:/a:mozilla:firefox:17.0.9", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:3.0.19", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.16:beta3", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.24:beta1", "cpe:/a:mozilla:thunderbird:3.1.14", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:seamonkey:2.21:beta1", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:seamonkey:2.11:beta4", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.14:beta4", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:seamonkey:2.12.1", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:2.2:beta3", "cpe:/a:mozilla:firefox:15.0", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:seamonkey:2.16:beta5", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:thunderbird:11.0.1", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:firefox:17.0.8", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:seamonkey:2.15:beta1", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:4.0:beta5", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:thunderbird:16.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:seamonkey:2.5:beta2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:10.0.3", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:seamonkey:2.25:-", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:13.0", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:2.1:beta1", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:4.0:beta2", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:seamonkey:2.10.1", "cpe:/a:mozilla:firefox:17.0.3", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:2.4:beta2", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:firefox:3.6.28", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.12:beta2", "cpe:/a:mozilla:seamonkey:2.13", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:2.10", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:2.22.1", "cpe:/a:mozilla:seamonkey:2.23:beta1", "cpe:/a:mozilla:thunderbird:3.1.12", "cpe:/a:mozilla:seamonkey:2.8:beta3", "cpe:/a:mozilla:firefox:3.6.25", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:firefox:4.0:beta11", "cpe:/a:mozilla:seamonkey:2.13:beta6", "cpe:/a:mozilla:thunderbird:3.1.17", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:seamonkey:2.15.1", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:seamonkey:2.22", "cpe:/a:mozilla:seamonkey:2.8:beta6", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.17:beta2", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:10.0.10", "cpe:/a:mozilla:firefox:4.0:beta3", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:10.0.9", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:15.0.1", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:2.16:beta4", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:13.0", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:seamonkey:2.10:beta2", "cpe:/a:mozilla:seamonkey:2.16.2", "cpe:/a:mozilla:seamonkey:2.3:beta1", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:firefox:28.0", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:firefox:18.0.1", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:thunderbird:16.0", "cpe:/a:mozilla:seamonkey:2.8:beta5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:2.19", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:3.1.13", "cpe:/a:mozilla:firefox:18.0.2", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:seamonkey:2.9:beta4", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.15:beta6", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:firefox:24.0", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:firefox:27.0.1", "cpe:/a:mozilla:seamonkey:2.14", "cpe:/a:mozilla:firefox:25.0.1", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:16.0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:seamonkey:2.8:beta4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:seamonkey:2.13:beta3", "cpe:/a:mozilla:firefox:10.0.6", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:seamonkey:2.14:beta2", "cpe:/a:mozilla:seamonkey:2.17.1", "cpe:/a:mozilla:firefox:24.1", "cpe:/a:mozilla:thunderbird:16.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:seamonkey:2.24", "cpe:/a:mozilla:seamonkey:2.8:beta1", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:seamonkey:2.9.1", "cpe:/a:mozilla:seamonkey:2.5:beta3", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.12:beta6", "cpe:/a:mozilla:firefox:16.0", "cpe:/a:mozilla:firefox:17.0.4", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:2.15:beta4", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:14.0", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:seamonkey:2.13:beta5", "cpe:/a:mozilla:firefox:4.0:beta9", "cpe:/a:mozilla:seamonkey:2.20", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:seamonkey:2.22:beta1", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:firefox:3.6.27", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:10.0.12", "cpe:/a:mozilla:seamonkey:2.25:beta3", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.14:beta3", "cpe:/a:mozilla:thunderbird:3.1.15", "cpe:/a:mozilla:seamonkey:2.18:beta3", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:15.0", "cpe:/a:mozilla:seamonkey:2.6:beta2", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:10.0.11", "cpe:/a:mozilla:seamonkey:2.12:beta4", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:thunderbird:12.0.1", "cpe:/a:mozilla:seamonkey:2.4:beta3", "cpe:/a:mozilla:firefox:26.0", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:seamonkey:2.7:beta1", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:13.0.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:seamonkey:2.17:beta3", "cpe:/a:mozilla:seamonkey:2.1:rc1", "cpe:/a:mozilla:seamonkey:2.6:beta1", "cpe:/a:mozilla:seamonkey:2.10:beta3", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:seamonkey:2.21:beta2", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:seamonkey:2.18:beta4", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:seamonkey:2.20:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.11", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:2.6:beta4", "cpe:/a:mozilla:seamonkey:2.16.1", "cpe:/a:mozilla:firefox:10.0.8", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:seamonkey:2.21", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:12.0:beta6", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:seamonkey:2.10:beta1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox_esr:24.1.1", "cpe:/a:mozilla:seamonkey:2.7:beta3", "cpe:/a:mozilla:seamonkey:2.19:beta2", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:2.16:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:firefox:4.0:beta1", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:firefox:21.0", "cpe:/a:mozilla:thunderbird:13.0.1"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1518", "id": "CVE-2014-1518", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:54:34", "references": ["http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html", "http://www.securitytracker.com/id/1030163", "http://www.ubuntu.com/usn/USN-2189-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=987140", "http://www.ubuntu.com/usn/USN-2185-1", "http://www.mozilla.org/security/announce/2014/mfsa2014-44.html", "http://www.debian.org/security/2014/dsa-2924", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2014-0448.html", "http://www.securitytracker.com/id/1030165", "http://rhn.redhat.com/errata/RHSA-2014-0449.html", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html", "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html", "https://security.gentoo.org/glsa/201504-01", "http://www.securityfocus.com/bid/67134", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html", "http://www.debian.org/security/2014/dsa-2918", "http://www.securitytracker.com/id/1030164", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"], "edition": 2, "description": "Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.", "reporter": "NVD", "published": "2014-04-30T06:49:05", "title": "CVE-2014-1531", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-1531"], "scanner": [], "modified": "2017-01-06T21:59:37", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:2.19:beta1", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:seamonkey:2.1:beta2", "cpe:/a:mozilla:firefox:4.0:beta7", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:17.0.10", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.17", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:17.0.6", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.9:beta3", "cpe:/a:mozilla:seamonkey:2.1:alpha3", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:4.0:beta10", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:seamonkey:2.20:beta3", "cpe:/a:mozilla:seamonkey:2.4:beta1", "cpe:/a:mozilla:thunderbird:3.1.16", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:18.0", "cpe:/a:mozilla:seamonkey:2.25:beta2", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:seamonkey:2.12:beta5", "cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:seamonkey:2.14:beta1", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:17.0.11", "cpe:/a:mozilla:firefox:16.0.2", "cpe:/a:mozilla:seamonkey:2.11:beta1", "cpe:/a:mozilla:seamonkey:2.18:beta2", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:2.13:beta4", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:2.1:alpha1", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:thunderbird:17.0.8", "cpe:/a:mozilla:seamonkey:2.17:beta4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:2.12:beta1", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.14:beta5", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.15:beta3", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:10.0.4", "cpe:/a:mozilla:seamonkey:2.15.2", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:seamonkey:2.1:beta3", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:seamonkey:2.25:beta1", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:seamonkey:2.11:beta3", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:seamonkey:2.7:beta2", "cpe:/a:mozilla:seamonkey:2.13.2", "cpe:/a:mozilla:seamonkey:2.22:beta2", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:4.0:beta6", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:seamonkey:2.7:beta4", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:seamonkey:2.23:beta2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:seamonkey:2.15:beta5", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:2.13.1", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:25.0", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:14.0.1", "cpe:/a:mozilla:seamonkey:2.26:rc1", "cpe:/a:mozilla:seamonkey:2.3:beta2", "cpe:/a:mozilla:seamonkey:2.5:beta4", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:17.0.7", "cpe:/a:mozilla:seamonkey:2.7:beta5", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:seamonkey:2.13:beta1", "cpe:/a:mozilla:seamonkey:2.11:beta2", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:firefox:10.0.7", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:seamonkey:2.12:beta3", "cpe:/a:mozilla:seamonkey:2.15:beta2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:24.1.1", "cpe:/a:mozilla:seamonkey:2.1:rc2", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:14.0", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:seamonkey:2.23", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox:17.0.5", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:4.0:beta12", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:seamonkey:2.9:beta2", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:seamonkey:2.6:beta3", "cpe:/a:mozilla:firefox:4.0:beta4", "cpe:/a:mozilla:thunderbird:15.0.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:seamonkey:2.12", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.2:beta1", "cpe:/a:mozilla:firefox:4.0:beta8", "cpe:/a:mozilla:seamonkey:2.18:beta1", "cpe:/a:mozilla:seamonkey:2.20:beta1", "cpe:/a:mozilla:seamonkey:2.8:beta2", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:seamonkey:2.13:beta2", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:2.16:beta1", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:firefox:27.0", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:10.0.5", "cpe:/a:mozilla:firefox:17.0.2", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:seamonkey:2.17:beta1", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:seamonkey:2.16", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:3.6.26", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:firefox:3.0.18", "cpe:/a:mozilla:seamonkey:2.3:beta3", "cpe:/a:mozilla:seamonkey:2.15", "cpe:/a:mozilla:seamonkey:2.11:beta6", "cpe:/a:mozilla:seamonkey:2.2:beta2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:seamonkey:2.9:beta1", "cpe:/a:mozilla:seamonkey:2.1:alpha2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:seamonkey:2.5:beta1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:17.0.7", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:2.11:beta5", "cpe:/a:mozilla:firefox:17.0.9", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:3.0.19", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.16:beta3", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.24:beta1", "cpe:/a:mozilla:thunderbird:3.1.14", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:seamonkey:2.21:beta1", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:seamonkey:2.11:beta4", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.14:beta4", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:seamonkey:2.12.1", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:2.2:beta3", "cpe:/a:mozilla:firefox:15.0", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:seamonkey:2.16:beta5", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:thunderbird:11.0.1", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:firefox:17.0.8", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:seamonkey:2.15:beta1", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:4.0:beta5", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:thunderbird:16.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:seamonkey:2.5:beta2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:10.0.3", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:seamonkey:2.25:-", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:13.0", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:2.1:beta1", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:4.0:beta2", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:seamonkey:2.10.1", "cpe:/a:mozilla:firefox:17.0.3", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:2.4:beta2", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:firefox:3.6.28", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.12:beta2", "cpe:/a:mozilla:seamonkey:2.13", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:2.10", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:2.22.1", "cpe:/a:mozilla:seamonkey:2.23:beta1", "cpe:/a:mozilla:thunderbird:3.1.12", "cpe:/a:mozilla:seamonkey:2.8:beta3", "cpe:/a:mozilla:firefox:3.6.25", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:firefox:4.0:beta11", "cpe:/a:mozilla:seamonkey:2.13:beta6", "cpe:/a:mozilla:thunderbird:3.1.17", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:seamonkey:2.15.1", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:seamonkey:2.22", "cpe:/a:mozilla:seamonkey:2.8:beta6", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.17:beta2", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:10.0.10", "cpe:/a:mozilla:firefox:4.0:beta3", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:10.0.9", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:15.0.1", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:2.16:beta4", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:13.0", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:seamonkey:2.10:beta2", "cpe:/a:mozilla:seamonkey:2.16.2", "cpe:/a:mozilla:seamonkey:2.3:beta1", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:firefox:28.0", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:firefox:18.0.1", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:thunderbird:16.0", "cpe:/a:mozilla:seamonkey:2.8:beta5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:2.19", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:3.1.13", "cpe:/a:mozilla:firefox:18.0.2", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:seamonkey:2.9:beta4", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.15:beta6", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:firefox:24.0", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:firefox:27.0.1", "cpe:/a:mozilla:seamonkey:2.14", "cpe:/a:mozilla:firefox:25.0.1", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:16.0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:seamonkey:2.8:beta4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:seamonkey:2.13:beta3", "cpe:/a:mozilla:firefox:10.0.6", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:seamonkey:2.14:beta2", "cpe:/a:mozilla:seamonkey:2.17.1", "cpe:/a:mozilla:firefox:24.1", "cpe:/a:mozilla:thunderbird:16.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:seamonkey:2.24", "cpe:/a:mozilla:seamonkey:2.8:beta1", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:seamonkey:2.9.1", "cpe:/a:mozilla:seamonkey:2.5:beta3", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.12:beta6", "cpe:/a:mozilla:firefox:16.0", "cpe:/a:mozilla:firefox:17.0.4", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:2.15:beta4", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:14.0", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:seamonkey:2.13:beta5", "cpe:/a:mozilla:firefox:4.0:beta9", "cpe:/a:mozilla:seamonkey:2.20", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:seamonkey:2.22:beta1", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:firefox:3.6.27", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:10.0.12", "cpe:/a:mozilla:seamonkey:2.25:beta3", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.14:beta3", "cpe:/a:mozilla:thunderbird:3.1.15", "cpe:/a:mozilla:seamonkey:2.18:beta3", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:15.0", "cpe:/a:mozilla:seamonkey:2.6:beta2", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:10.0.11", "cpe:/a:mozilla:seamonkey:2.12:beta4", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:thunderbird:12.0.1", "cpe:/a:mozilla:seamonkey:2.4:beta3", "cpe:/a:mozilla:firefox:26.0", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:seamonkey:2.7:beta1", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:13.0.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:seamonkey:2.17:beta3", "cpe:/a:mozilla:seamonkey:2.1:rc1", "cpe:/a:mozilla:seamonkey:2.6:beta1", "cpe:/a:mozilla:seamonkey:2.10:beta3", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:seamonkey:2.21:beta2", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:seamonkey:2.18:beta4", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:seamonkey:2.20:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.11", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:2.6:beta4", "cpe:/a:mozilla:seamonkey:2.16.1", "cpe:/a:mozilla:firefox:10.0.8", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:seamonkey:2.21", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:12.0:beta6", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:seamonkey:2.10:beta1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox_esr:24.1.1", "cpe:/a:mozilla:seamonkey:2.7:beta3", "cpe:/a:mozilla:seamonkey:2.19:beta2", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:2.16:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:firefox:4.0:beta1", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:firefox:21.0", "cpe:/a:mozilla:thunderbird:13.0.1"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1531", "id": "CVE-2014-1531", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:54:34", "references": ["http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html", "http://www.securitytracker.com/id/1030163", "http://www.ubuntu.com/usn/USN-2189-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html", "http://www.ubuntu.com/usn/USN-2185-1", "http://www.debian.org/security/2014/dsa-2924", "http://www.securityfocus.com/bid/67135", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2014-0448.html", "http://www.securitytracker.com/id/1030165", "http://www.mozilla.org/security/announce/2014/mfsa2014-42.html", "http://rhn.redhat.com/errata/RHSA-2014-0449.html", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=987003", "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html", "https://security.gentoo.org/glsa/201504-01", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html", "http://www.debian.org/security/2014/dsa-2918", "http://www.securitytracker.com/id/1030164", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"], "edition": 2, "description": "The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.", "reporter": "NVD", "published": "2014-04-30T06:49:04", "title": "CVE-2014-1529", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-1529"], "scanner": [], "modified": "2017-01-06T21:59:37", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:2.19:beta1", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:seamonkey:2.1:beta2", "cpe:/a:mozilla:firefox:4.0:beta7", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:17.0.10", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.17", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:17.0.6", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.9:beta3", "cpe:/a:mozilla:seamonkey:2.1:alpha3", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:4.0:beta10", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:seamonkey:2.20:beta3", "cpe:/a:mozilla:seamonkey:2.4:beta1", "cpe:/a:mozilla:thunderbird:3.1.16", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:18.0", "cpe:/a:mozilla:seamonkey:2.25:beta2", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:seamonkey:2.12:beta5", "cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:seamonkey:2.14:beta1", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:17.0.11", "cpe:/a:mozilla:firefox:16.0.2", "cpe:/a:mozilla:seamonkey:2.11:beta1", "cpe:/a:mozilla:seamonkey:2.18:beta2", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:2.13:beta4", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:2.1:alpha1", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:thunderbird:17.0.8", "cpe:/a:mozilla:seamonkey:2.17:beta4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:2.12:beta1", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.14:beta5", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.15:beta3", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:10.0.4", "cpe:/a:mozilla:seamonkey:2.15.2", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:seamonkey:2.1:beta3", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:seamonkey:2.25:beta1", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:seamonkey:2.11:beta3", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:seamonkey:2.7:beta2", "cpe:/a:mozilla:seamonkey:2.13.2", "cpe:/a:mozilla:seamonkey:2.22:beta2", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:4.0:beta6", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:seamonkey:2.7:beta4", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:seamonkey:2.23:beta2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:seamonkey:2.15:beta5", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:2.13.1", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:25.0", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:14.0.1", "cpe:/a:mozilla:seamonkey:2.26:rc1", "cpe:/a:mozilla:seamonkey:2.3:beta2", "cpe:/a:mozilla:seamonkey:2.5:beta4", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:17.0.7", "cpe:/a:mozilla:seamonkey:2.7:beta5", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:seamonkey:2.13:beta1", "cpe:/a:mozilla:seamonkey:2.11:beta2", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:firefox:10.0.7", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:seamonkey:2.12:beta3", "cpe:/a:mozilla:seamonkey:2.15:beta2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:24.1.1", "cpe:/a:mozilla:seamonkey:2.1:rc2", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:14.0", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:seamonkey:2.23", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox:17.0.5", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:4.0:beta12", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:seamonkey:2.9:beta2", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:seamonkey:2.6:beta3", "cpe:/a:mozilla:firefox:4.0:beta4", "cpe:/a:mozilla:thunderbird:15.0.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:seamonkey:2.12", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.2:beta1", "cpe:/a:mozilla:firefox:4.0:beta8", "cpe:/a:mozilla:seamonkey:2.18:beta1", "cpe:/a:mozilla:seamonkey:2.20:beta1", "cpe:/a:mozilla:seamonkey:2.8:beta2", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:seamonkey:2.13:beta2", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:2.16:beta1", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:firefox:27.0", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:10.0.5", "cpe:/a:mozilla:firefox:17.0.2", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:seamonkey:2.17:beta1", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:seamonkey:2.16", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:3.6.26", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:firefox:3.0.18", "cpe:/a:mozilla:seamonkey:2.3:beta3", "cpe:/a:mozilla:seamonkey:2.15", "cpe:/a:mozilla:seamonkey:2.11:beta6", "cpe:/a:mozilla:seamonkey:2.2:beta2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:seamonkey:2.9:beta1", "cpe:/a:mozilla:seamonkey:2.1:alpha2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:seamonkey:2.5:beta1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:17.0.7", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:2.11:beta5", "cpe:/a:mozilla:firefox:17.0.9", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:3.0.19", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.16:beta3", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.24:beta1", "cpe:/a:mozilla:thunderbird:3.1.14", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:seamonkey:2.21:beta1", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:seamonkey:2.11:beta4", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.14:beta4", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:seamonkey:2.12.1", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:2.2:beta3", "cpe:/a:mozilla:firefox:15.0", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:seamonkey:2.16:beta5", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:thunderbird:11.0.1", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:firefox:17.0.8", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:seamonkey:2.15:beta1", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:4.0:beta5", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:thunderbird:16.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:seamonkey:2.5:beta2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:10.0.3", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:seamonkey:2.25:-", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:13.0", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:2.1:beta1", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:4.0:beta2", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:seamonkey:2.10.1", "cpe:/a:mozilla:firefox:17.0.3", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:2.4:beta2", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:firefox:3.6.28", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.12:beta2", "cpe:/a:mozilla:seamonkey:2.13", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:2.10", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:2.22.1", "cpe:/a:mozilla:seamonkey:2.23:beta1", "cpe:/a:mozilla:thunderbird:3.1.12", "cpe:/a:mozilla:seamonkey:2.8:beta3", "cpe:/a:mozilla:firefox:3.6.25", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:firefox:4.0:beta11", "cpe:/a:mozilla:seamonkey:2.13:beta6", "cpe:/a:mozilla:thunderbird:3.1.17", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:seamonkey:2.15.1", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:seamonkey:2.22", "cpe:/a:mozilla:seamonkey:2.8:beta6", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.17:beta2", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:10.0.10", "cpe:/a:mozilla:firefox:4.0:beta3", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:10.0.9", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:15.0.1", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:2.16:beta4", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:13.0", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:seamonkey:2.10:beta2", "cpe:/a:mozilla:seamonkey:2.16.2", "cpe:/a:mozilla:seamonkey:2.3:beta1", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:firefox:28.0", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:firefox:18.0.1", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:thunderbird:16.0", "cpe:/a:mozilla:seamonkey:2.8:beta5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:2.19", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:3.1.13", "cpe:/a:mozilla:firefox:18.0.2", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:seamonkey:2.9:beta4", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.15:beta6", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:firefox:24.0", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:firefox:27.0.1", "cpe:/a:mozilla:seamonkey:2.14", "cpe:/a:mozilla:firefox:25.0.1", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:16.0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:seamonkey:2.8:beta4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:seamonkey:2.13:beta3", "cpe:/a:mozilla:firefox:10.0.6", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:seamonkey:2.14:beta2", "cpe:/a:mozilla:seamonkey:2.17.1", "cpe:/a:mozilla:firefox:24.1", "cpe:/a:mozilla:thunderbird:16.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:seamonkey:2.24", "cpe:/a:mozilla:seamonkey:2.8:beta1", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:seamonkey:2.9.1", "cpe:/a:mozilla:seamonkey:2.5:beta3", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.12:beta6", "cpe:/a:mozilla:firefox:16.0", "cpe:/a:mozilla:firefox:17.0.4", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:2.15:beta4", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:14.0", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:seamonkey:2.13:beta5", "cpe:/a:mozilla:firefox:4.0:beta9", "cpe:/a:mozilla:seamonkey:2.20", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:seamonkey:2.22:beta1", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:firefox:3.6.27", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:10.0.12", "cpe:/a:mozilla:seamonkey:2.25:beta3", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.14:beta3", "cpe:/a:mozilla:thunderbird:3.1.15", "cpe:/a:mozilla:seamonkey:2.18:beta3", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:15.0", "cpe:/a:mozilla:seamonkey:2.6:beta2", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:10.0.11", "cpe:/a:mozilla:seamonkey:2.12:beta4", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:thunderbird:12.0.1", "cpe:/a:mozilla:seamonkey:2.4:beta3", "cpe:/a:mozilla:firefox:26.0", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:seamonkey:2.7:beta1", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:13.0.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:seamonkey:2.17:beta3", "cpe:/a:mozilla:seamonkey:2.1:rc1", "cpe:/a:mozilla:seamonkey:2.6:beta1", "cpe:/a:mozilla:seamonkey:2.10:beta3", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:seamonkey:2.21:beta2", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:seamonkey:2.18:beta4", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:seamonkey:2.20:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.11", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:2.6:beta4", "cpe:/a:mozilla:seamonkey:2.16.1", "cpe:/a:mozilla:firefox:10.0.8", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:seamonkey:2.21", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:12.0:beta6", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:seamonkey:2.10:beta1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox_esr:24.1.1", "cpe:/a:mozilla:seamonkey:2.7:beta3", "cpe:/a:mozilla:seamonkey:2.19:beta2", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:2.16:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:firefox:4.0:beta1", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:firefox:21.0", "cpe:/a:mozilla:thunderbird:13.0.1"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1529", "id": "CVE-2014-1529", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:54:34", "references": ["http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html", "http://www.securitytracker.com/id/1030163", "http://www.ubuntu.com/usn/USN-2189-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html", "http://www.ubuntu.com/usn/USN-2185-1", "http://www.debian.org/security/2014/dsa-2924", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html", "http://www.securityfocus.com/bid/67129", "https://bugzilla.mozilla.org/show_bug.cgi?id=969226", "http://rhn.redhat.com/errata/RHSA-2014-0448.html", "http://www.securitytracker.com/id/1030165", "http://rhn.redhat.com/errata/RHSA-2014-0449.html", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html", "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html", "https://security.gentoo.org/glsa/201504-01", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html", "http://www.debian.org/security/2014/dsa-2918", "http://www.mozilla.org/security/announce/2014/mfsa2014-37.html", "http://www.securitytracker.com/id/1030164", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"], "edition": 2, "description": "Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.", "reporter": "NVD", "published": "2014-04-30T06:49:04", "title": "CVE-2014-1523", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-1523"], "scanner": [], "modified": "2017-01-06T21:59:37", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:2.19:beta1", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:seamonkey:2.1:beta2", "cpe:/a:mozilla:firefox:4.0:beta7", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:17.0.10", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.17", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:17.0.6", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.9:beta3", "cpe:/a:mozilla:seamonkey:2.1:alpha3", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:4.0:beta10", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:seamonkey:2.20:beta3", "cpe:/a:mozilla:seamonkey:2.4:beta1", "cpe:/a:mozilla:thunderbird:3.1.16", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:18.0", "cpe:/a:mozilla:seamonkey:2.25:beta2", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:seamonkey:2.12:beta5", "cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:seamonkey:2.14:beta1", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:17.0.11", "cpe:/a:mozilla:firefox:16.0.2", "cpe:/a:mozilla:seamonkey:2.11:beta1", "cpe:/a:mozilla:seamonkey:2.18:beta2", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:2.13:beta4", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:2.1:alpha1", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:thunderbird:17.0.8", "cpe:/a:mozilla:seamonkey:2.17:beta4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:2.12:beta1", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.14:beta5", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.15:beta3", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:10.0.4", "cpe:/a:mozilla:seamonkey:2.15.2", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:seamonkey:2.1:beta3", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:seamonkey:2.25:beta1", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:seamonkey:2.11:beta3", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:seamonkey:2.7:beta2", "cpe:/a:mozilla:seamonkey:2.13.2", "cpe:/a:mozilla:seamonkey:2.22:beta2", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:4.0:beta6", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:seamonkey:2.7:beta4", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:seamonkey:2.23:beta2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:seamonkey:2.15:beta5", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:2.13.1", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:25.0", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:14.0.1", "cpe:/a:mozilla:seamonkey:2.26:rc1", "cpe:/a:mozilla:seamonkey:2.3:beta2", "cpe:/a:mozilla:seamonkey:2.5:beta4", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:17.0.7", "cpe:/a:mozilla:seamonkey:2.7:beta5", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:seamonkey:2.13:beta1", "cpe:/a:mozilla:seamonkey:2.11:beta2", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:firefox:10.0.7", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:seamonkey:2.12:beta3", "cpe:/a:mozilla:seamonkey:2.15:beta2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:24.1.1", "cpe:/a:mozilla:seamonkey:2.1:rc2", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:14.0", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:seamonkey:2.23", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox:17.0.5", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:4.0:beta12", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:seamonkey:2.9:beta2", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:seamonkey:2.6:beta3", "cpe:/a:mozilla:firefox:4.0:beta4", "cpe:/a:mozilla:thunderbird:15.0.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:seamonkey:2.12", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.2:beta1", "cpe:/a:mozilla:firefox:4.0:beta8", "cpe:/a:mozilla:seamonkey:2.18:beta1", "cpe:/a:mozilla:seamonkey:2.20:beta1", "cpe:/a:mozilla:seamonkey:2.8:beta2", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:seamonkey:2.13:beta2", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:2.16:beta1", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:firefox:27.0", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:10.0.5", "cpe:/a:mozilla:firefox:17.0.2", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:seamonkey:2.17:beta1", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:seamonkey:2.16", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:3.6.26", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:firefox:3.0.18", "cpe:/a:mozilla:seamonkey:2.3:beta3", "cpe:/a:mozilla:seamonkey:2.15", "cpe:/a:mozilla:seamonkey:2.11:beta6", "cpe:/a:mozilla:seamonkey:2.2:beta2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:seamonkey:2.9:beta1", "cpe:/a:mozilla:seamonkey:2.1:alpha2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:seamonkey:2.5:beta1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:17.0.7", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:2.11:beta5", "cpe:/a:mozilla:firefox:17.0.9", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:3.0.19", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.16:beta3", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.24:beta1", "cpe:/a:mozilla:thunderbird:3.1.14", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:seamonkey:2.21:beta1", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:seamonkey:2.11:beta4", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.14:beta4", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:seamonkey:2.12.1", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:2.2:beta3", "cpe:/a:mozilla:firefox:15.0", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:seamonkey:2.16:beta5", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:thunderbird:11.0.1", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:firefox:17.0.8", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:seamonkey:2.15:beta1", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:4.0:beta5", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:thunderbird:16.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:seamonkey:2.5:beta2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:10.0.3", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:seamonkey:2.25:-", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:13.0", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:2.1:beta1", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:4.0:beta2", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:seamonkey:2.10.1", "cpe:/a:mozilla:firefox:17.0.3", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:2.4:beta2", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:firefox:3.6.28", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.12:beta2", "cpe:/a:mozilla:seamonkey:2.13", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:2.10", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:2.22.1", "cpe:/a:mozilla:seamonkey:2.23:beta1", "cpe:/a:mozilla:thunderbird:3.1.12", "cpe:/a:mozilla:seamonkey:2.8:beta3", "cpe:/a:mozilla:firefox:3.6.25", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:firefox:4.0:beta11", "cpe:/a:mozilla:seamonkey:2.13:beta6", "cpe:/a:mozilla:thunderbird:3.1.17", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:seamonkey:2.15.1", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:seamonkey:2.22", "cpe:/a:mozilla:seamonkey:2.8:beta6", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.17:beta2", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:10.0.10", "cpe:/a:mozilla:firefox:4.0:beta3", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:10.0.9", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:15.0.1", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:2.16:beta4", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:13.0", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:seamonkey:2.10:beta2", "cpe:/a:mozilla:seamonkey:2.16.2", "cpe:/a:mozilla:seamonkey:2.3:beta1", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:firefox:28.0", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:firefox:18.0.1", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:thunderbird:16.0", "cpe:/a:mozilla:seamonkey:2.8:beta5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:2.19", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:3.1.13", "cpe:/a:mozilla:firefox:18.0.2", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:seamonkey:2.9:beta4", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.15:beta6", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:firefox:24.0", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:firefox:27.0.1", "cpe:/a:mozilla:seamonkey:2.14", "cpe:/a:mozilla:firefox:25.0.1", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:16.0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:seamonkey:2.8:beta4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:seamonkey:2.13:beta3", "cpe:/a:mozilla:firefox:10.0.6", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:seamonkey:2.14:beta2", "cpe:/a:mozilla:seamonkey:2.17.1", "cpe:/a:mozilla:firefox:24.1", "cpe:/a:mozilla:thunderbird:16.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:seamonkey:2.24", "cpe:/a:mozilla:seamonkey:2.8:beta1", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:seamonkey:2.9.1", "cpe:/a:mozilla:seamonkey:2.5:beta3", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.12:beta6", "cpe:/a:mozilla:firefox:16.0", "cpe:/a:mozilla:firefox:17.0.4", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:2.15:beta4", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:14.0", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:seamonkey:2.13:beta5", "cpe:/a:mozilla:firefox:4.0:beta9", "cpe:/a:mozilla:seamonkey:2.20", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:seamonkey:2.22:beta1", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:firefox:3.6.27", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:10.0.12", "cpe:/a:mozilla:seamonkey:2.25:beta3", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.14:beta3", "cpe:/a:mozilla:thunderbird:3.1.15", "cpe:/a:mozilla:seamonkey:2.18:beta3", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:15.0", "cpe:/a:mozilla:seamonkey:2.6:beta2", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:10.0.11", "cpe:/a:mozilla:seamonkey:2.12:beta4", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:thunderbird:12.0.1", "cpe:/a:mozilla:seamonkey:2.4:beta3", "cpe:/a:mozilla:firefox:26.0", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:seamonkey:2.7:beta1", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:13.0.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:seamonkey:2.17:beta3", "cpe:/a:mozilla:seamonkey:2.1:rc1", "cpe:/a:mozilla:seamonkey:2.6:beta1", "cpe:/a:mozilla:seamonkey:2.10:beta3", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:seamonkey:2.21:beta2", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:seamonkey:2.18:beta4", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:seamonkey:2.20:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.11", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:2.6:beta4", "cpe:/a:mozilla:seamonkey:2.16.1", "cpe:/a:mozilla:firefox:10.0.8", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:seamonkey:2.21", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:12.0:beta6", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:seamonkey:2.10:beta1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox_esr:24.1.1", "cpe:/a:mozilla:seamonkey:2.7:beta3", "cpe:/a:mozilla:seamonkey:2.19:beta2", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:2.16:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:firefox:4.0:beta1", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:firefox:21.0", "cpe:/a:mozilla:thunderbird:13.0.1"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1523", "id": "CVE-2014-1523", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:54:34", "references": ["http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html", "http://www.securitytracker.com/id/1030163", "http://www.ubuntu.com/usn/USN-2189-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html", "http://www.mozilla.org/security/announce/2014/mfsa2014-43.html", "http://www.ubuntu.com/usn/USN-2185-1", "http://www.debian.org/security/2014/dsa-2924", "http://www.securityfocus.com/bid/67137", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=895557", "http://rhn.redhat.com/errata/RHSA-2014-0448.html", "http://www.securitytracker.com/id/1030165", "http://rhn.redhat.com/errata/RHSA-2014-0449.html", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html", "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html", "https://security.gentoo.org/glsa/201504-01", "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html", "http://www.debian.org/security/2014/dsa-2918", "http://www.securitytracker.com/id/1030164", "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"], "edition": 2, "description": "The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.", "reporter": "NVD", "published": "2014-04-30T06:49:05", "title": "CVE-2014-1530", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-1530"], "scanner": [], "modified": "2017-01-06T21:59:37", "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:2.19:beta1", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:seamonkey:2.1:beta2", "cpe:/a:mozilla:firefox:4.0:beta7", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:17.0.10", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.17", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:17.0.6", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.9:beta3", "cpe:/a:mozilla:seamonkey:2.1:alpha3", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:4.0:beta10", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:seamonkey:2.20:beta3", "cpe:/a:mozilla:seamonkey:2.4:beta1", "cpe:/a:mozilla:thunderbird:3.1.16", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:18.0", "cpe:/a:mozilla:seamonkey:2.25:beta2", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:seamonkey:2.12:beta5", "cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:seamonkey:2.14:beta1", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:17.0.11", "cpe:/a:mozilla:firefox:16.0.2", "cpe:/a:mozilla:seamonkey:2.11:beta1", "cpe:/a:mozilla:seamonkey:2.18:beta2", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:2.13:beta4", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:2.1:alpha1", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:thunderbird:17.0.8", "cpe:/a:mozilla:seamonkey:2.17:beta4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:2.12:beta1", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.14:beta5", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.15:beta3", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:10.0.4", "cpe:/a:mozilla:seamonkey:2.15.2", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:seamonkey:2.1:beta3", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:seamonkey:2.25:beta1", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:seamonkey:2.11:beta3", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:seamonkey:2.7:beta2", "cpe:/a:mozilla:seamonkey:2.13.2", "cpe:/a:mozilla:seamonkey:2.22:beta2", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:4.0:beta6", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:seamonkey:2.7:beta4", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:seamonkey:2.23:beta2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:seamonkey:2.15:beta5", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:2.13.1", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:25.0", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:14.0.1", "cpe:/a:mozilla:seamonkey:2.26:rc1", "cpe:/a:mozilla:seamonkey:2.3:beta2", "cpe:/a:mozilla:seamonkey:2.5:beta4", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:17.0.7", "cpe:/a:mozilla:seamonkey:2.7:beta5", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:seamonkey:2.13:beta1", "cpe:/a:mozilla:seamonkey:2.11:beta2", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:firefox:10.0.7", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:seamonkey:2.12:beta3", "cpe:/a:mozilla:seamonkey:2.15:beta2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:24.1.1", "cpe:/a:mozilla:seamonkey:2.1:rc2", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:14.0", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:seamonkey:2.23", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox:17.0.5", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:4.0:beta12", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:seamonkey:2.9:beta2", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:seamonkey:2.6:beta3", "cpe:/a:mozilla:firefox:4.0:beta4", "cpe:/a:mozilla:thunderbird:15.0.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:seamonkey:2.12", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.2:beta1", "cpe:/a:mozilla:firefox:4.0:beta8", "cpe:/a:mozilla:seamonkey:2.18:beta1", "cpe:/a:mozilla:seamonkey:2.20:beta1", "cpe:/a:mozilla:seamonkey:2.8:beta2", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:seamonkey:2.13:beta2", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:2.16:beta1", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:firefox:27.0", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:10.0.5", "cpe:/a:mozilla:firefox:17.0.2", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:seamonkey:2.17:beta1", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:seamonkey:2.16", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:3.6.26", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:firefox:3.0.18", "cpe:/a:mozilla:seamonkey:2.3:beta3", "cpe:/a:mozilla:seamonkey:2.15", "cpe:/a:mozilla:seamonkey:2.11:beta6", "cpe:/a:mozilla:seamonkey:2.2:beta2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:seamonkey:2.9:beta1", "cpe:/a:mozilla:seamonkey:2.1:alpha2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:seamonkey:2.5:beta1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:17.0.7", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:2.11:beta5", "cpe:/a:mozilla:firefox:17.0.9", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:3.0.19", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.16:beta3", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.24:beta1", "cpe:/a:mozilla:thunderbird:3.1.14", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:seamonkey:2.21:beta1", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:seamonkey:2.11:beta4", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.14:beta4", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:seamonkey:2.12.1", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:2.2:beta3", "cpe:/a:mozilla:firefox:15.0", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:seamonkey:2.16:beta5", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:thunderbird:11.0.1", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:firefox:17.0.8", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:seamonkey:2.15:beta1", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:4.0:beta5", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:thunderbird:16.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:seamonkey:2.5:beta2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:10.0.3", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:seamonkey:2.25:-", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:13.0", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:2.1:beta1", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:4.0:beta2", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:seamonkey:2.10.1", "cpe:/a:mozilla:firefox:17.0.3", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:2.4:beta2", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:firefox:3.6.28", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.12:beta2", "cpe:/a:mozilla:seamonkey:2.13", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:2.10", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:2.22.1", "cpe:/a:mozilla:seamonkey:2.23:beta1", "cpe:/a:mozilla:thunderbird:3.1.12", "cpe:/a:mozilla:seamonkey:2.8:beta3", "cpe:/a:mozilla:firefox:3.6.25", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:firefox:4.0:beta11", "cpe:/a:mozilla:seamonkey:2.13:beta6", "cpe:/a:mozilla:thunderbird:3.1.17", "cpe:/a:mozilla:firefox_esr:24.4", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:seamonkey:2.15.1", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:seamonkey:2.22", "cpe:/a:mozilla:seamonkey:2.8:beta6", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.17:beta2", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:10.0.10", "cpe:/a:mozilla:firefox:4.0:beta3", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:10.0.9", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:15.0.1", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:2.16:beta4", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:13.0", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:seamonkey:2.10:beta2", "cpe:/a:mozilla:seamonkey:2.16.2", "cpe:/a:mozilla:seamonkey:2.3:beta1", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:firefox:28.0", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:firefox:18.0.1", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:thunderbird:16.0", "cpe:/a:mozilla:seamonkey:2.8:beta5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:2.19", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:3.1.13", "cpe:/a:mozilla:firefox:18.0.2", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:seamonkey:2.9:beta4", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.15:beta6", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:firefox:24.0", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:firefox:27.0.1", "cpe:/a:mozilla:seamonkey:2.14", "cpe:/a:mozilla:firefox:25.0.1", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:16.0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:seamonkey:2.8:beta4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:seamonkey:2.13:beta3", "cpe:/a:mozilla:firefox:10.0.6", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:seamonkey:2.14:beta2", "cpe:/a:mozilla:seamonkey:2.17.1", "cpe:/a:mozilla:firefox:24.1", "cpe:/a:mozilla:thunderbird:16.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:seamonkey:2.24", "cpe:/a:mozilla:seamonkey:2.8:beta1", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:seamonkey:2.9.1", "cpe:/a:mozilla:seamonkey:2.5:beta3", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.12:beta6", "cpe:/a:mozilla:firefox:16.0", "cpe:/a:mozilla:firefox:17.0.4", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:2.15:beta4", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:14.0", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:seamonkey:2.13:beta5", "cpe:/a:mozilla:firefox:4.0:beta9", "cpe:/a:mozilla:seamonkey:2.20", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:seamonkey:2.22:beta1", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:firefox:3.6.27", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:10.0.12", "cpe:/a:mozilla:seamonkey:2.25:beta3", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.14:beta3", "cpe:/a:mozilla:thunderbird:3.1.15", "cpe:/a:mozilla:seamonkey:2.18:beta3", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:15.0", "cpe:/a:mozilla:seamonkey:2.6:beta2", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:10.0.11", "cpe:/a:mozilla:seamonkey:2.12:beta4", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:thunderbird:12.0.1", "cpe:/a:mozilla:seamonkey:2.4:beta3", "cpe:/a:mozilla:firefox:26.0", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:seamonkey:2.7:beta1", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:13.0.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:seamonkey:2.17:beta3", "cpe:/a:mozilla:seamonkey:2.1:rc1", "cpe:/a:mozilla:seamonkey:2.6:beta1", "cpe:/a:mozilla:seamonkey:2.10:beta3", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:seamonkey:2.21:beta2", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:seamonkey:2.18:beta4", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:seamonkey:2.20:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.11", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:2.6:beta4", "cpe:/a:mozilla:seamonkey:2.16.1", "cpe:/a:mozilla:firefox:10.0.8", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:seamonkey:2.21", "cpe:/a:mozilla:thunderbird:24.4", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:12.0:beta6", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:seamonkey:2.10:beta1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox_esr:24.1.1", "cpe:/a:mozilla:seamonkey:2.7:beta3", "cpe:/a:mozilla:seamonkey:2.19:beta2", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:2.16:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:firefox:4.0:beta1", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:firefox:21.0", "cpe:/a:mozilla:thunderbird:13.0.1"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1530", "id": "CVE-2014-1530", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:23", "references": ["https://launchpad.net/bugs/1313464", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1523", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1532", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1492", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1528", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1519", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1518", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1524", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1522", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1529", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1530", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1525", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1531", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1526"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "29.0+build1-0ubuntu0.14.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "29.0+build1-0ubuntu0.12.10.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "29.0+build1-0ubuntu0.13.10.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "29.0+build1-0ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "description": "Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1518, CVE-2014-1519)\n\nAn out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1522)\n\nAbhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523)\n\nAbhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1524)\n\nAbhishek Arya discovered a use-after-free in the Text Track Manager when processing HTML video. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1525)\n\nJukka Jyl\u00e4nki discovered an out-of-bounds write in Cairo when working with canvas in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1528)\n\nMariusz Mlynski discovered that sites with notification permissions can run script in a privileged context in some circumstances. An attacker could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1529)\n\nIt was discovered that browser history navigations could be used to load a site with the addressbar displaying the wrong address. An attacker could potentially exploit this to conduct cross-site scripting or phishing attacks. (CVE-2014-1530)\n\nA use-after-free was discovered when resizing images in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1531)\n\nChristian Heimes discovered that NSS did not handle IDNA domain prefixes correctly for wildcard certificates. An attacker could potentially exploit this by using a specially crafted certificate to conduct a man-in-the-middle attack. (CVE-2014-1492)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free during host resolution in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1532)\n\nBoris Zbarsky discovered that the debugger bypassed XrayWrappers for some objects. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1526)", "edition": 3, "reporter": "Ubuntu", "published": "2014-04-29T00:00:00", "title": "Firefox vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1522", "CVE-2014-1525", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1519", "CVE-2014-1526", "CVE-2014-1518", "CVE-2014-1528"], "modified": "2014-04-29T00:00:00", "id": "USN-2185-1", "href": "https://usn.ubuntu.com/2185-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:55", "references": [], "description": "Protection bypass, memory corruptions, ceritficate spoofing, privilege escalation, crossite scripting.", "edition": 1, "reporter": "MOZILLA", "published": "2014-05-01T00:00:00", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:55", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Firefox", "version": "28.0", "operator": "eq"}, {"name": "Thunderbird", "version": "24.4", "operator": "eq"}, {"name": "Firefox ESR", "version": "24.4", "operator": "eq"}, {"name": "Seamonkey", "version": "2.25", "operator": "eq"}], "cvelist": ["CVE-2014-1530", "CVE-2014-1527", "CVE-2014-1522", "CVE-2014-1525", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1519", "CVE-2014-1515", "CVE-2014-1526", "CVE-2014-1518", "CVE-2014-1528"], "modified": "2014-05-01T00:00:00", "id": "SECURITYVULNS:VULN:13687", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13687", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:50", "references": ["https://www.mozilla.org/security/announce/2014/mfsa2014-37.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-42.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-41.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-47.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-34.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-43.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-44.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-46.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-45.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-36.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-35.html", "http://www.mozilla.org/security/known-vulnerabilities/", "https://www.mozilla.org/security/announce/2014/mfsa2014-38.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-39.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "24.5.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "24.5.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.26", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "29.0,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "29.0,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.26", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "24.5.0,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-esr", "operator": "lt"}], "description": "\nThe Mozilla Project reports:\n\nMFSA 2014-34 Miscellaneous memory safety hazards\n\t (rv:29.0 / rv:24.5)\nMFSA 2014-35 Privilege escalation through Mozilla Maintenance\n\t Service Installer\nMFSA 2014-36 Web Audio memory corruption issues\nMFSA 2014-37 Out of bounds read while decoding JPG images\nMFSA 2014-38 Buffer overflow when using non-XBL object as\n\t XBL\nMFSA 2014-39 Use-after-free in the Text Track Manager\n\t for HTML video\nMFSA 2014-41 Out-of-bounds write in Cairo\nMFSA 2014-42 Privilege escalation through Web Notification\n\t API\nMFSA 2014-43 Cross-site scripting (XSS) using history\n\t navigations\nMFSA 2014-44 Use-after-free in imgLoader while resizing\n\t images\nMFSA 2014-45 Incorrect IDNA domain name matching for\n\t wildcard certificates\nMFSA 2014-46 Use-after-free in nsHostResolve\nMFSA 2014-47 Debugger can bypass XrayWrappers\n\t with JavaScript\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2014-04-29T00:00:00", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1530", "CVE-2014-1527", "CVE-2014-1522", "CVE-2014-1525", "CVE-2014-1523", "CVE-2014-1529", "CVE-2014-1532", "CVE-2014-1531", "CVE-2014-1520", "CVE-2014-1492", "CVE-2014-1524", "CVE-2014-1519", "CVE-2014-1526", "CVE-2014-1518", "CVE-2014-1528"], "modified": "2014-04-29T00:00:00", "id": "985D4D6C-CFBD-11E3-A003-B4B52FCE4CE8", "href": "https://vuxml.freebsd.org/freebsd/985d4d6c-cfbd-11e3-a003-b4b52fce4ce8.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:47", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=989183"], "edition": 1, "description": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a buffer\noverflow when a script uses a non-XBL object as an XBL object because the XBL\nstatus of the object is not properly validated. The resulting memory corruption\nis potentially exploitable. \n\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.", "reporter": "Mozilla Foundation", "published": "2014-04-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "mozilla", "title": "Buffer overflow when using non-XBL object as XBL", "bulletinFamily": "software", "affectedSoftware": [{"name": "SeaMonkey", "version": "2.26", "operator": "lt"}, {"name": "Thunderbird", "version": "24.5", "operator": "lt"}, {"name": "Firefox ESR", "version": "24.5", "operator": "lt"}, {"name": "Firefox", "version": "29", "operator": "lt"}], "cvelist": ["CVE-2014-1524"], "modified": "2014-04-29T00:00:00", "id": "MFSA2014-38", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-38/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:43", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=987003"], "edition": 1, "description": "Security researcher Mariusz Mlynski discovered an issue\nwhere sites that have been given notification permissions by a user can bypass\nsecurity checks on source components for the Web Notification API. This allows\nfor script to be run in a privileged context through notifications, leading to\narbitrary code execution on these sites.\n\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.", "reporter": "Mozilla Foundation", "published": "2014-04-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "mozilla", "title": "Privilege escalation through Web Notification API", "bulletinFamily": "software", "affectedSoftware": [{"name": "SeaMonkey", "version": "2.26", "operator": "lt"}, {"name": "Thunderbird", "version": "24.5", "operator": "lt"}, {"name": "Firefox ESR", "version": "24.5", "operator": "lt"}, {"name": "Firefox", "version": "29", "operator": "lt"}], "cvelist": ["CVE-2014-1529"], "modified": "2014-04-29T00:00:00", "id": "MFSA2014-42", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-42/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:51", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=966006"], "description": "Security researchers Tyson Smith and Jesse\nSchwartzentruber of the BlackBerry Security Automated Analysis Team\nused the Address Sanitizer tool while fuzzing to discover a use-after-free\nduring host resolution in some circumstances. This leads to a potentially\nexploitable crash.", "edition": 1, "reporter": "Mozilla Foundation", "published": "2014-04-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "mozilla", "title": "Use-after-free in nsHostResolver", "bulletinFamily": "software", "affectedSoftware": [{"name": "SeaMonkey", "version": "2.26", "operator": "lt"}, {"name": "Thunderbird", "version": "24.5", "operator": "lt"}, {"name": "Firefox ESR", "version": "24.5", "operator": "lt"}, {"name": "Firefox", "version": "29", "operator": "lt"}], "cvelist": ["CVE-2014-1532"], "modified": "2014-04-29T00:00:00", "id": "MFSA2014-46", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-46/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:51", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=895557"], "description": "Mozilla security researcher moz_bug_r_a4 reported a method\nto use browser navigations through history to load a website with that page's\nbaseURI property pointing to that of another site instead of the seemingly\nloaded one. The user will continue to see the incorrect site in the addressbar\nof the browser. This allows for a cross-site scripting (XSS) attack or the theft\nof data through a phishing attack. \n\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.", "edition": 1, "reporter": "Mozilla Foundation", "published": "2014-04-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "mozilla", "title": "Cross-site scripting (XSS) using history navigations", "bulletinFamily": "software", "affectedSoftware": [{"name": "SeaMonkey", "version": "2.26", "operator": "lt"}, {"name": "Thunderbird", "version": "24.5", "operator": "lt"}, {"name": "Firefox ESR", "version": "24.5", "operator": "lt"}, {"name": "Firefox", "version": "29", "operator": "lt"}], "cvelist": ["CVE-2014-1530"], "modified": "2014-04-29T00:00:00", "id": "MFSA2014-43", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-43/", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-05T13:37:39", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=987140"], "edition": 1, "description": "Security researcher Nils discovered a use-after-free error\nin which the imgLoader object is freed while an image is being\nresized. This results in a potentially exploitable crash.\n\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.", "reporter": "Mozilla Foundation", "published": "2014-04-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "mozilla", "title": "Use-after-free in imgLoader while resizing images", "bulletinFamily": "software", "affectedSoftware": [{"name": "SeaMonkey", "version": "2.26", "operator": "lt"}, {"name": "Thunderbird", "version": "24.5", "operator": "lt"}, {"name": "Firefox ESR", "version": "24.5", "operator": "lt"}, {"name": "Firefox", "version": "29", "operator": "lt"}], "cvelist": ["CVE-2014-1531"], "modified": "2014-04-29T00:00:00", "id": "MFSA2014-44", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-44/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:45", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=969226"], "edition": 1, "description": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a fixed offset\nout of bounds read issue while decoding specifically formatted JPG format\nimages. This causes a non-exploitable crash.", "reporter": "Mozilla Foundation", "published": "2014-04-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "mozilla", "title": "Out of bounds read while decoding JPG images", "bulletinFamily": "software", "affectedSoftware": [{"name": "SeaMonkey", "version": "2.26", "operator": "lt"}, {"name": "Thunderbird", "version": "24.5", "operator": "lt"}, {"name": "Firefox ESR", "version": "24.5", "operator": "lt"}, {"name": "Firefox", "version": "29", "operator": "lt"}], "cvelist": ["CVE-2014-1523"], "modified": "2014-04-29T00:00:00", "id": "MFSA2014-37", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-37/", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-05T13:37:43", "references": ["https://bugzilla.mozilla.org/buglist.cgi?bug_id=946658,953104,996883,986864,977955,990794,919592,995607", "https://bugzilla.mozilla.org/buglist.cgi?bug_id=986843,944353,966630,952022,986678,980537,991471,993546,992968"], "edition": 1, "description": "Mozilla developers and community identified identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "reporter": "Mozilla Foundation", "published": "2014-04-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "mozilla", "title": "Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)", "bulletinFamily": "software", "affectedSoftware": [{"name": "SeaMonkey", "version": "2.26", "operator": "lt"}, {"name": "Thunderbird", "version": "24.5", "operator": "lt"}, {"name": "Firefox ESR", "version": "24.5", "operator": "lt"}, {"name": "Firefox", "version": "29", "operator": "lt"}], "cvelist": ["CVE-2014-1519", "CVE-2014-1518"], "modified": "2014-04-29T00:00:00", "id": "MFSA2014-34", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-34/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:40", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5603", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5599", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1480", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5369", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0817", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1567", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5596", "https://bugs.gentoo.org/show_bug.cgi?id=541316", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1488", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5591", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5590", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1526", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1491", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5592", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1576", "https://bugs.gentoo.org/show_bug.cgi?id=512896", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1544", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1594", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616", "https://bugs.gentoo.org/show_bug.cgi?id=489796", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5593", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1568", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1557", "https://bugs.gentoo.org/show_bug.cgi?id=509050", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1574", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5604", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1531", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1565", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1577", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1550", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1584", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612", "https://bugs.gentoo.org/show_bug.cgi?id=491234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1487", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1524", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1485", "https://bugs.gentoo.org/show_bug.cgi?id=525474", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1562", "https://bugs.gentoo.org/show_bug.cgi?id=523652", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1580", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1585", "https://bugs.gentoo.org/show_bug.cgi?id=531408", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1586", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1587", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1525", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1589", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1529", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5602", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5601", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1481", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1523", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1575", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5597", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1578", "https://bugs.gentoo.org/show_bug.cgi?id=500320", "https://bugs.gentoo.org/show_bug.cgi?id=505072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1532", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5598", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1518", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0818", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496", "https://bugs.gentoo.org/show_bug.cgi?id=544056", "https://bugs.gentoo.org/show_bug.cgi?id=536564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5600", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1591", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1483", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8632", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1563", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1581", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1590", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1504", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1592", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1582", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1520", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5595", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1552", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8631", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1490", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1489", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1553", "https://bugs.gentoo.org/show_bug.cgi?id=493850", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1522", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1519", "https://bugs.gentoo.org/show_bug.cgi?id=522020", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1482", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1530", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1558", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1593", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832", "https://bugs.gentoo.org/show_bug.cgi?id=517876", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1559", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1486", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1583", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1588", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1492"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox-bin", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.10.6", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-libs/nspr", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird-bin", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.33.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.33.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey-bin", "operator": "lt"}], "edition": 1, "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-31.5.3\"\n \n\nAll firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-31.5.3\"\n \n\nAll thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-31.5.0\"\n \n\nAll thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-31.5.0\"\n \n\nAll seamonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.33.1\"\n \n\nAll seamonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.33.1\"\n \n\nAll nspr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nspr-4.10.6\"", "reporter": "Gentoo Foundation", "published": "2015-04-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "modified": "2015-04-08T00:00:00", "id": "GLSA-201504-01", "href": "https://security.gentoo.org/glsa/201504-01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}