ID USN-3544-2 Type ubuntu Reporter Ubuntu Modified 2018-02-12T00:00:00
Description
USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web
compatibility regression and a tab crash during printing in some
circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, spoof the origin in audio capture prompts, trick the user in to
providing HTTP credentials for another origin, spoof the addressbar
contents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,
CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095,
CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101,
CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114,
CVE-2018-5115, CVE-2018-5117, CVE-2018-5122)
Multiple security issues were discovered in WebExtensions. If a user were
tricked in to installing a specially crafted extension, an attacker could
potentially exploit these to gain additional privileges, bypass
same-origin restrictions, or execute arbitrary code. (CVE-2018-5105,
CVE-2018-5113, CVE-2018-5116)
A security issue was discovered with the developer tools. If a user were
tricked in to opening a specially crafted website with the developer tools
open, an attacker could potentially exploit this to obtain sensitive
information from other origins. (CVE-2018-5106)
A security issue was discovered with printing. An attacker could
potentially exploit this to obtain sensitive information from local files.
(CVE-2018-5107)
It was discovered that manually entered blob URLs could be accessed by
subsequent private browsing tabs. If a user were tricked in to entering
a blob URL, an attacker could potentially exploit this to obtain sensitive
information from a private browsing context. (CVE-2018-5108)
It was discovered that dragging certain specially formatted URLs to the
addressbar could cause the wrong URL to be displayed. If a user were
tricked in to opening a specially crafted website and dragging a URL to
the addressbar, an attacker could potentially exploit this to spoof the
addressbar contents. (CVE-2018-5111)
It was discovered that WebExtension developer tools panels could open
non-relative URLs. If a user were tricked in to installing a specially
crafted extension and running the developer tools, an attacker could
potentially exploit this to gain additional privileges. (CVE-2018-5112)
It was discovered that ActivityStream images can attempt to load local
content through file: URLs. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this in
combination with another vulnerability that allowed sandbox protections to
be bypassed, in order to obtain sensitive information from local files.
(CVE-2018-5118)
It was discovered that the reader view will load cross-origin content in
violation of CORS headers. An attacker could exploit this to bypass CORS
restrictions. (CVE-2018-5119)
{"id": "USN-3544-2", "bulletinFamily": "unix", "title": "Firefox regressions", "description": "USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web \ncompatibility regression and a tab crash during printing in some \ncircumstances. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in Firefox. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service via application \ncrash, spoof the origin in audio capture prompts, trick the user in to \nproviding HTTP credentials for another origin, spoof the addressbar \ncontents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090, \nCVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095, \nCVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, \nCVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114, \nCVE-2018-5115, CVE-2018-5117, CVE-2018-5122)\n\nMultiple security issues were discovered in WebExtensions. If a user were \ntricked in to installing a specially crafted extension, an attacker could \npotentially exploit these to gain additional privileges, bypass \nsame-origin restrictions, or execute arbitrary code. (CVE-2018-5105, \nCVE-2018-5113, CVE-2018-5116)\n\nA security issue was discovered with the developer tools. If a user were \ntricked in to opening a specially crafted website with the developer tools \nopen, an attacker could potentially exploit this to obtain sensitive \ninformation from other origins. (CVE-2018-5106)\n\nA security issue was discovered with printing. An attacker could \npotentially exploit this to obtain sensitive information from local files. \n(CVE-2018-5107)\n\nIt was discovered that manually entered blob URLs could be accessed by \nsubsequent private browsing tabs. If a user were tricked in to entering \na blob URL, an attacker could potentially exploit this to obtain sensitive \ninformation from a private browsing context. (CVE-2018-5108)\n\nIt was discovered that dragging certain specially formatted URLs to the \naddressbar could cause the wrong URL to be displayed. If a user were \ntricked in to opening a specially crafted website and dragging a URL to \nthe addressbar, an attacker could potentially exploit this to spoof the \naddressbar contents. (CVE-2018-5111)\n\nIt was discovered that WebExtension developer tools panels could open \nnon-relative URLs. If a user were tricked in to installing a specially \ncrafted extension and running the developer tools, an attacker could \npotentially exploit this to gain additional privileges. (CVE-2018-5112)\n\nIt was discovered that ActivityStream images can attempt to load local \ncontent through file: URLs. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this in \ncombination with another vulnerability that allowed sandbox protections to \nbe bypassed, in order to obtain sensitive information from local files. \n(CVE-2018-5118)\n\nIt was discovered that the reader view will load cross-origin content in \nviolation of CORS headers. An attacker could exploit this to bypass CORS \nrestrictions. (CVE-2018-5119)", "published": "2018-02-12T00:00:00", "modified": "2018-02-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://ubuntu.com/security/notices/USN-3544-2", "reporter": "Ubuntu", "references": ["https://launchpad.net/bugs/1749025"], "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "type": "ubuntu", "lastseen": "2020-07-02T11:33:00", "edition": 7, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310851687", "OPENVAS:1361412562310910005", "OPENVAS:1361412562310843447", "OPENVAS:1361412562310812670", "OPENVAS:1361412562311220181044", "OPENVAS:1361412562310812669", "OPENVAS:1361412562310812668", "OPENVAS:1361412562311220181043", "OPENVAS:1361412562310882834", "OPENVAS:1361412562310843432"]}, {"type": "ubuntu", "idList": ["USN-3544-1", "USN-3529-1"]}, {"type": "nessus", "idList": ["UBUNTU_USN-3544-2.NASL", "MOZILLA_FIREFOX_52_6_ESR.NASL", "FREEBSD_PKG_A891C5B43D7A4DE99C71EEF3FD698C77.NASL", "DEBIAN_DLA-1256.NASL", "MOZILLA_FIREFOX_58_0.NASL", "MACOSX_FIREFOX_58_0.NASL", "UBUNTU_USN-3544-1.NASL", "SUSE_SU-2018-0361-1.NASL", "ORACLELINUX_ELSA-2018-0122.NASL", "SL_20180124_FIREFOX_ON_SL6_X.NASL"]}, {"type": "freebsd", "idList": ["A891C5B4-3D7A-4DE9-9C71-EEF3FD698C77"]}, {"type": "kaspersky", "idList": ["KLA11184", "KLA11186"]}, {"type": "suse", "idList": ["SUSE-SU-2018:0361-1", "OPENSUSE-SU-2018:0256-1", "OPENSUSE-SU-2018:0257-1", "SUSE-SU-2018:0374-1", "OPENSUSE-SU-2018:0203-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-0262", "ELSA-2018-0122"]}, {"type": "redhat", "idList": ["RHSA-2018:0122", "RHSA-2018:0262"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1262-1:ADF42", "DEBIAN:DSA-4102-1:E4889", "DEBIAN:DSA-4096-1:61DE9", "DEBIAN:DLA-1256-1:43AD2"]}, {"type": "centos", "idList": ["CESA-2018:0122", "CESA-2018:0262"]}, {"type": "cve", "idList": ["CVE-2018-5111", "CVE-2018-5113", "CVE-2018-5091", "CVE-2018-5101", "CVE-2018-5115", "CVE-2018-5090", "CVE-2018-5112", "CVE-2018-5100", "CVE-2018-5109", "CVE-2018-5092"]}], "modified": "2020-07-02T11:33:00", "rev": 2}, "score": {"value": 7.7, "vector": "NONE", "modified": "2020-07-02T11:33:00", "rev": 2}, "vulnersScore": 7.7}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "17.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "firefox", "packageVersion": "58.0.2+build1-0ubuntu0.17.10.1"}, {"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "firefox", "packageVersion": "58.0.2+build1-0ubuntu0.14.04.1"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "firefox", "packageVersion": "58.0.2+build1-0ubuntu0.16.04.1"}], "scheme": null}
{"openvas": [{"lastseen": "2019-05-29T18:33:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-02-14T00:00:00", "id": "OPENVAS:1361412562310843447", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843447", "type": "openvas", "title": "Ubuntu Update for firefox USN-3544-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3544_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for firefox USN-3544-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843447\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-14 08:39:47 +0100 (Wed, 14 Feb 2018)\");\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5090\", \"CVE-2018-5091\", \"CVE-2018-5092\",\n \"CVE-2018-5093\", \"CVE-2018-5094\", \"CVE-2018-5095\", \"CVE-2018-5097\",\n \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5100\", \"CVE-2018-5101\",\n \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5109\",\n \"CVE-2018-5114\", \"CVE-2018-5115\", \"CVE-2018-5117\", \"CVE-2018-5122\",\n \"CVE-2018-5105\", \"CVE-2018-5113\", \"CVE-2018-5116\", \"CVE-2018-5106\",\n \"CVE-2018-5107\", \"CVE-2018-5108\", \"CVE-2018-5111\", \"CVE-2018-5112\",\n \"CVE-2018-5118\", \"CVE-2018-5119\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3544-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3544-1 fixed vulnerabilities in Firefox.\n The update caused a web compatibility regression and a tab crash during printing\n in some circumstances. This update fixes the problem. We apologize for the\n inconvenience. Original advisory details: Multiple security issues were\n discovered in Firefox. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit these to cause a denial of\n service via application crash, spoof the origin in audio capture prompts, trick\n the user in to providing HTTP credentials for another origin, spoof the\n addressbar contents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,\n CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095,\n CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101,\n CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114,\n CVE-2018-5115, CVE-2018-5117, CVE-2018-5122) Multiple security issues were\n discovered in WebExtensions. If a user were tricked in to installing a specially\n crafted extension, an attacker could potentially exploit these to gain\n additional privileges, bypass same-origin restrictions, or execute arbitrary\n code. (CVE-2018-5105, CVE-2018-5113, CVE-2018-5116) A security issue was\n discovered with the developer tools. If a user were tricked in to opening a\n specially crafted website with the developer tools open, an attacker could\n potentially exploit this to obtain sensitive information from other origins.\n (CVE-2018-5106) A security issue was discovered with printing. An attacker could\n potentially exploit this to obtain sensitive information from local files.\n (CVE-2018-5107) It was discovered that manually entered blob URLs could be\n accessed by subsequent private browsing tabs. If a user were tricked in to\n entering a blob URL, an attacker could potentially exploit this to obtain\n sensitive information from a private browsing context. (CVE-2018-5108) It was\n discovered that dragging certain specially formatted URLs to the addressbar\n could cause the wrong URL to be displayed. If a user were tricked in to opening\n a specially crafted website and dragging a URL to the addressbar, an attacker\n could potentially exploit this to spoof the addressbar contents. (CVE-2018-5111)\n It was discovered that WebExtension developer tools panels could open\n non-relative URLs. If a user were tricked in to installing a specially crafted\n extension and running the developer tools, an attacker could potentially exploit\n this to gain additional privileges. (CVE-2018-5112) It was discovered that\n ActivityStream images ... Description truncated, for more information please\n check the Reference URL\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3544-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3544-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"58.0.2+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"58.0.2+build1-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"58.0.2+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-01-25T00:00:00", "id": "OPENVAS:1361412562310843432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843432", "type": "openvas", "title": "Ubuntu Update for firefox USN-3544-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3544_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for firefox USN-3544-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843432\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-25 07:53:36 +0100 (Thu, 25 Jan 2018)\");\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5090\", \"CVE-2018-5091\", \"CVE-2018-5092\",\n \"CVE-2018-5093\", \"CVE-2018-5094\", \"CVE-2018-5095\", \"CVE-2018-5097\",\n \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5100\", \"CVE-2018-5101\",\n \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5109\",\n \"CVE-2018-5114\", \"CVE-2018-5115\", \"CVE-2018-5117\", \"CVE-2018-5122\",\n \"CVE-2018-5105\", \"CVE-2018-5113\", \"CVE-2018-5116\", \"CVE-2018-5106\",\n \"CVE-2018-5107\", \"CVE-2018-5108\", \"CVE-2018-5111\", \"CVE-2018-5112\",\n \"CVE-2018-5118\", \"CVE-2018-5119\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3544-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\n Firefox. If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit these to cause a denial of service via\n application crash, spoof the origin in audio capture prompts, trick the user in\n to providing HTTP credentials for another origin, spoof the addressbar contents,\n or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090, CVE-2018-5091,\n CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095, CVE-2018-5097,\n CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102,\n CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114, CVE-2018-5115,\n CVE-2018-5117, CVE-2018-5122) Multiple security issues were discovered in\n WebExtensions. If a user were tricked in to installing a specially crafted\n extension, an attacker could potentially exploit these to gain additional\n privileges, bypass same-origin restrictions, or execute arbitrary code.\n (CVE-2018-5105, CVE-2018-5113, CVE-2018-5116) A security issue was discovered\n with the developer tools. If a user were tricked in to opening a specially\n crafted website with the developer tools open, an attacker could potentially\n exploit this to obtain sensitive information from other origins. (CVE-2018-5106)\n A security issue was discovered with printing. An attacker could potentially\n exploit this to obtain sensitive information from local files. (CVE-2018-5107)\n It was discovered that manually entered blob URLs could be accessed by\n subsequent private browsing tabs. If a user were tricked in to entering a blob\n URL, an attacker could potentially exploit this to obtain sensitive information\n from a private browsing context. (CVE-2018-5108) It was discovered that dragging\n certain specially formatted URLs to the addressbar could cause the wrong URL to\n be displayed. If a user were tricked in to opening a specially crafted website\n and dragging a URL to the addressbar, an attacker could potentially exploit this\n to spoof the addressbar contents. (CVE-2018-5111) It was discovered that\n WebExtension developer tools panels could open non-relative URLs. If a user were\n tricked in to installing a specially crafted extension and running the developer\n tools, an attacker could potentially exploit this to gain additional privileges.\n (CVE-2018-5112) It was discovered that ActivityStream images can attempt to load\n local content through file: URLs. If a user were tricked in to opening a\n specially crafted website, an attacker could potentially exploit this in\n combination with another vulnerability that allowed sandbox protections to be b\n ... Description truncated, for more information please check the Reference\n URL\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3544-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3544-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"58.0+build6-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"58.0+build6-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"58.0+build6-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T21:58:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "description": "This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2018-01-24T00:00:00", "id": "OPENVAS:1361412562310812668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812668", "type": "openvas", "title": "Mozilla Firefox Security Updates( mfsa_2018-02_2018-03 )-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates( mfsa_2018-02_2018-03 )-Windows\n#\n# Authors:\n# Shakeel <bshakeeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812668\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2018-5091\", \"CVE-2018-5092\", \"CVE-2018-5093\", \"CVE-2018-5094\",\n \"CVE-2018-5095\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\",\n \"CVE-2018-5100\", \"CVE-2018-5101\", \"CVE-2018-5102\", \"CVE-2018-5103\",\n \"CVE-2018-5104\", \"CVE-2018-5105\", \"CVE-2018-5106\", \"CVE-2018-5107\",\n \"CVE-2018-5108\", \"CVE-2018-5109\", \"CVE-2018-5089\", \"CVE-2018-5111\",\n \"CVE-2018-5112\", \"CVE-2018-5113\", \"CVE-2018-5114\", \"CVE-2018-5115\",\n \"CVE-2018-5116\", \"CVE-2018-5117\", \"CVE-2018-5118\", \"CVE-2018-5119\",\n \"CVE-2018-5122\", \"CVE-2018-5090\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-24 12:34:50 +0530 (Wed, 24 Jan 2018)\");\n script_name(\"Mozilla Firefox Security Updates( mfsa_2018-02_2018-03 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple Use-after-free errors, buffer overflow errors, memory safety bugs\n and integer overflow errors.\n\n - WebExtensions can save and execute files on local file system without user prompts.\n\n - Developer Tools can expose style editor information cross-origin through service worker.\n\n - Printing process will follow symlinks for local file access.\n\n - Manually entered blob URL can be accessed by subsequent private browsing tabs.\n\n - Audio capture prompts and starts with incorrect origin attribution.\n\n - URL spoofing in addressbar through drag and drop.\n\n - Extension development tools panel can open a non-relative URL in the panel.\n\n - WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow.\n\n - The old value of a cookie changed to HttpOnly remains accessible to scripts.\n\n - Background network requests can open HTTP authentication in unrelated foreground tabs.\n\n - WebExtension ActiveTab permission allows cross-origin frame content access.\n\n - URL spoofing with right-to-left text aligned left-to-right.\n\n - Activity Stream images can attempt to load local content through file:.\n\n - Reader view will load cross-origin content in violation of CORS headers.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these vulnerabilities\n will allow remote attackers to execute arbitrary code on affected system or\n conduct a denial-of-service condition, gain escalated privileges, gain access\n to sensitive data, conduct phishing attacks, make use of old cookie value,\n get cross-origin frame content access, conduct spoofing and domain name spoofing\n attacks.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 58 on\n Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 58\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nffVer = infos['version'];\nffPath = infos['location'];\n\nif(version_is_less(version:ffVer, test_version:\"58\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"58\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T21:58:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5121", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5110", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "description": "This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2018-01-24T00:00:00", "id": "OPENVAS:1361412562310812669", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812669", "type": "openvas", "title": "Mozilla Firefox Security Updates( mfsa_2018-02_2018-03 )-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates( mfsa_2018-02_2018-03 )-MAC OS X\n#\n# Authors:\n# Shakeel <bshakeeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812669\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2018-5091\", \"CVE-2018-5092\", \"CVE-2018-5093\", \"CVE-2018-5094\",\n \"CVE-2018-5095\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\",\n \"CVE-2018-5100\", \"CVE-2018-5101\", \"CVE-2018-5102\", \"CVE-2018-5103\",\n \"CVE-2018-5104\", \"CVE-2018-5105\", \"CVE-2018-5106\", \"CVE-2018-5107\",\n \"CVE-2018-5108\", \"CVE-2018-5109\", \"CVE-2018-5110\", \"CVE-2018-5111\",\n \"CVE-2018-5112\", \"CVE-2018-5113\", \"CVE-2018-5114\", \"CVE-2018-5115\",\n \"CVE-2018-5116\", \"CVE-2018-5117\", \"CVE-2018-5118\", \"CVE-2018-5119\",\n \"CVE-2018-5121\", \"CVE-2018-5122\", \"CVE-2018-5090\", \"CVE-2018-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-24 12:35:29 +0530 (Wed, 24 Jan 2018)\");\n script_name(\"Mozilla Firefox Security Updates( mfsa_2018-02_2018-03 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple Use-after-free errors, buffer overflow errors, memory safety bugs\n and integer overflow errors.\n\n - WebExtensions can save and execute files on local file system without user prompts.\n\n - Developer Tools can expose style editor information cross-origin through service worker.\n\n - Printing process will follow symlinks for local file access.\n\n - Manually entered blob URL can be accessed by subsequent private browsing tabs.\n\n - Audio capture prompts and starts with incorrect origin attribution.\n\n - Cursor can be made invisible on OS X.\n\n - URL spoofing in addressbar through drag and drop.\n\n - Extension development tools panel can open a non-relative URL in the panel.\n\n - WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow.\n\n - The old value of a cookie changed to HttpOnly remains accessible to scripts.\n\n - Background network requests can open HTTP authentication in unrelated foreground tabs.\n\n - WebExtension ActiveTab permission allows cross-origin frame content access.\n\n - URL spoofing with right-to-left text aligned left-to-right.\n\n - Activity Stream images can attempt to load local content through file:.\n\n - Reader view will load cross-origin content in violation of CORS headers.\n\n - OS X Tibetan characters render incompletely in the addressbar.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these vulnerabilities\n will allow remote attackers to execute arbitrary code on affected system or\n conduct a denial-of-service condition, gain escalated privileges, gain access\n to sensitive data, conduct phishing attacks, make use of old cookie value,\n get cross-origin frame content access, conduct spoofing and domain name spoofing\n attacks.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 58 on\n MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 58\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nffVer = infos['version'];\nffPath = infos['location'];\n\nif(version_is_less(version:ffVer, test_version:\"58\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"58\", install_path:ffPath);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:33:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-01-25T00:00:00", "id": "OPENVAS:1361412562310851687", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851687", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2018:0203-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851687\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-25 07:54:58 +0100 (Thu, 25 Jan 2018)\");\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5091\", \"CVE-2018-5095\", \"CVE-2018-5096\",\n \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\",\n \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5117\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2018:0203-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for MozillaFirefox fixes the following issues:\n\n - update to Firefox 52.6esr (boo#1077291) MFSA 2018-01\n\n * Speculative execution side-channel attack ('Spectre') MFSA 2018-03\n\n * CVE-2018-5091 (bmo#1423086) Use-after-free with DTMF timers\n\n * CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during\n edge builder allocation\n\n * CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements\n\n * CVE-2018-5097 (bmo#1387427) Use-after-free when source document is\n manipulated during XSLT\n\n * CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form\n input elements\n\n * CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener\n\n * CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements\n\n * CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling\n\n * CVE-2018-5104 (bmo#1425000) Use-after-free during font face\n manipulation\n\n * CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text\n aligned left-to-right\n\n * CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR\n 52.6\n\n - Added additional patches and configurations to fix builds on s390 and\n PowerPC.\n\n * Added firefox-glibc-getrandom.patch effecting builds on s390 and\n PowerPC\n\n * Added mozilla-s390-bigendian.patch along with icudt58b.dat bigendian\n ICU data file for running Firefox on bigendian architectures\n (bmo#1322212 and bmo#1264836)\n\n * Added mozilla-s390-nojit.patch to enable atomic operations used by the\n JS engine when JIT is disabled on s390\n\n * Build configuration options specific to s390\n\n * Requires NSS = 3.29.5\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:0203-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~52.6~57.30.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~52.6~57.30.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~52.6~57.30.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~52.6~57.30.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~52.6~57.30.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~52.6~57.30.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~52.6~57.30.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~52.6~57.30.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~52.6~75.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~52.6~75.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~52.6~75.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~52.6~75.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~52.6~75.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~52.6~75.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~52.6~75.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~52.6~75.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:08:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "Several security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code or denial\nof service.", "modified": "2020-01-29T00:00:00", "published": "2018-01-31T00:00:00", "id": "OPENVAS:1361412562310891256", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891256", "type": "openvas", "title": "Debian LTS: Security Advisory for firefox-esr (DLA-1256-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891256\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5091\", \"CVE-2018-5095\", \"CVE-2018-5096\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5117\");\n script_name(\"Debian LTS: Security Advisory for firefox-esr (DLA-1256-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-31 00:00:00 +0100 (Wed, 31 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"firefox-esr on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n52.6.0esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n\n script_tag(name:\"summary\", value:\"Several security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code or denial\nof service.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cak\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ka\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kab\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cak\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ka\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kab\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"52.6.0esr-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2018-01-26T00:00:00", "id": "OPENVAS:1361412562310882834", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882834", "type": "openvas", "title": "CentOS Update for firefox CESA-2018:0122 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_0122_firefox_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for firefox CESA-2018:0122 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882834\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-26 07:45:28 +0100 (Fri, 26 Jan 2018)\");\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5091\", \"CVE-2018-5095\", \"CVE-2018-5096\",\n \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\",\n \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5117\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2018:0122 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.6.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096,\nCVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,\nCVE-2018-5104, CVE-2018-5117)\n\n * To mitigate timing-based side-channel attacks similar to 'Spectre' and\n'Meltdown', the resolution of performance.now() has been reduced from 5s\nto 20s.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christian Holler, Jason Kratzer, Marcia Knous, Nathan\nFroyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson Smith, Cobos\nlvarez, Ryan VanderMeulen, Sebastian Hengst, Karl Tomlinson, Xidorn Quan,\nLudovic Hirlimann, Jason Orendorff, Looben Yang, Anonymous, Nils, and\nXisigr as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:0122\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-January/022717.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.6.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:56:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "Multiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code, denial of service or URL spoofing.", "modified": "2019-07-04T00:00:00", "published": "2018-01-30T00:00:00", "id": "OPENVAS:1361412562310704102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704102", "type": "openvas", "title": "Debian Security Advisory DSA 4102-1 (thunderbird - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4102-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704102\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5091\", \"CVE-2018-5095\", \"CVE-2018-5096\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5117\");\n script_name(\"Debian Security Advisory DSA 4102-1 (thunderbird - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-30 00:00:00 +0100 (Tue, 30 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4102.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"thunderbird on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 1:52.6.0-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:52.6.0-1~deb9u1.\n\nWe recommend that you upgrade your thunderbird packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/thunderbird\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code, denial of service or URL spoofing.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-dsb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hsb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-kab\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ast\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-dsb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hsb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-kab\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ast\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bn-bd\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-dsb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hsb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kab\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pa-in\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ta-lk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bn-bd\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-dsb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hsb\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kab\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pa-in\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ta-lk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:52.6.0-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-dsb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hsb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-kab\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ast\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-dsb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hsb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-kab\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ar\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ast\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-be\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bg\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-bn-bd\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-br\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ca\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cs\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-cy\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-da\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-de\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-dsb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-el\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-en-gb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-ar\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-es-es\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-et\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-eu\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fi\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-fy-nl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ga-ie\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gd\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-gl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-he\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hsb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hu\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-hy-am\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-id\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-is\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-it\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ja\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-kab\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ko\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-lt\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nb-no\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-nn-no\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pa-in\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-br\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-pt-pt\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-rm\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ro\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ru\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-si\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sq\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-sv-se\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-ta-lk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-tr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-uk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-vi\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-cn\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lightning-l10n-zh-tw\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-dbg\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-all\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ar\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ast\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-be\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bg\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-bn-bd\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-br\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ca\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-cs\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-da\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-de\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-dsb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-el\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-en-gb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-ar\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-es-es\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-et\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-eu\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fi\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-fy-nl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ga-ie\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gd\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-gl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-he\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hsb\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hu\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-hy-am\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-id\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-is\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-it\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ja\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-kab\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ko\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-lt\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nb-no\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-nn-no\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pa-in\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-br\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-pt-pt\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-rm\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ro\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ru\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-si\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sl\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sq\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-sv-se\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-ta-lk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-tr\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-uk\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-vi\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-cn\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"thunderbird-l10n-zh-tw\", ver:\"1:52.6.0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181044", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2018-1044)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1044\");\n script_version(\"2020-01-23T11:10:02+0000\");\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5091\", \"CVE-2018-5095\", \"CVE-2018-5096\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5117\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:10:02 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:10:02 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2018-1044)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1044\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1044\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'firefox' package(s) announced via the EulerOS-SA-2018-1044 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.6.0~1.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2018-01-25T00:00:00", "id": "OPENVAS:1361412562310910005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310910005", "type": "openvas", "title": "RedHat Update for firefox RHSA-2018:0122-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2018_0122-01_firefox.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for firefox RHSA-2018:0122-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.910005\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-25 07:52:56 +0100 (Thu, 25 Jan 2018)\");\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5091\", \"CVE-2018-5095\", \"CVE-2018-5096\",\n \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\",\n \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5117\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2018:0122-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.6.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096,\nCVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,\nCVE-2018-5104, CVE-2018-5117)\n\n * To mitigate timing-based side-channel attacks similar to 'Spectre' and\n'Meltdown', the resolution of performance.now() has been reduced from 5s\nto 20s.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christian Holler, Jason Kratzer, Marcia Knous, Nathan\nFroyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson Smith, Cobos\nlvarez, Ryan VanderMeulen, Sebastian Hengst, Karl Tomlinson, Xidorn Quan,\nLudovic Hirlimann, Jason Orendorff, Looben Yang, Anonymous, Nils, and\nXisigr as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2018:0122-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2018-January/msg00078.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.6.0~1.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~52.6.0~1.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.6.0~1.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~52.6.0~1.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "description": "Multiple security issues were discovered in Firefox. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service via application \ncrash, spoof the origin in audio capture prompts, trick the user in to \nproviding HTTP credentials for another origin, spoof the addressbar \ncontents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090, \nCVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095, \nCVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, \nCVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5109, CVE-2018-5114, \nCVE-2018-5115, CVE-2018-5117, CVE-2018-5122)\n\nMultiple security issues were discovered in WebExtensions. If a user were \ntricked in to installing a specially crafted extension, an attacker could \npotentially exploit these to gain additional privileges, bypass \nsame-origin restrictions, or execute arbitrary code. (CVE-2018-5105, \nCVE-2018-5113, CVE-2018-5116)\n\nA security issue was discovered with the developer tools. If a user were \ntricked in to opening a specially crafted website with the developer tools \nopen, an attacker could potentially exploit this to obtain sensitive \ninformation from other origins. (CVE-2018-5106)\n\nA security issue was discovered with printing. An attacker could \npotentially exploit this to obtain sensitive information from local files. \n(CVE-2018-5107)\n\nIt was discovered that manually entered blob URLs could be accessed by \nsubsequent private browsing tabs. If a user were tricked in to entering \na blob URL, an attacker could potentially exploit this to obtain sensitive \ninformation from a private browsing context. (CVE-2018-5108)\n\nIt was discovered that dragging certain specially formatted URLs to the \naddressbar could cause the wrong URL to be displayed. If a user were \ntricked in to opening a specially crafted website and dragging a URL to \nthe addressbar, an attacker could potentially exploit this to spoof the \naddressbar contents. (CVE-2018-5111)\n\nIt was discovered that WebExtension developer tools panels could open \nnon-relative URLs. If a user were tricked in to installing a specially \ncrafted extension and running the developer tools, an attacker could \npotentially exploit this to gain additional privileges. (CVE-2018-5112)\n\nIt was discovered that ActivityStream images can attempt to load local \ncontent through file: URLs. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this in \ncombination with another vulnerability that allowed sandbox protections to \nbe bypassed, in order to obtain sensitive information from local files. \n(CVE-2018-5118)\n\nIt was discovered that the reader view will load cross-origin content in \nviolation of CORS headers. An attacker could exploit this to bypass CORS \nrestrictions. (CVE-2018-5119)", "edition": 7, "modified": "2018-01-24T00:00:00", "published": "2018-01-24T00:00:00", "id": "USN-3544-1", "href": "https://ubuntu.com/security/notices/USN-3544-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:37:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7847", "CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2017-7848", "CVE-2017-7829", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2017-7846", "CVE-2018-5099"], "description": "It was discovered that a From address encoded with a null character is \ncut off in the message header display. An attacker could potentially \nexploit this to spoof the sender address. (CVE-2017-7829)\n\nIt was discovered that it is possible to execute JavaScript in RSS feeds \nin some circumstances. If a user were tricked in to opening a specially \ncrafted RSS feed, an attacker could potentially exploit this in \ncombination with another vulnerability, in order to cause unspecified \nproblems. (CVE-2017-7846)\n\nIt was discovered that the RSS feed can leak local path names. If a user \nwere tricked in to opening a specially crafted RSS feed, an attacker \ncould potentially exploit this to obtain sensitive information. \n(CVE-2017-7847)\n\nIt was discovered that RSS feeds are vulnerable to new line injection. If \na user were tricked in to opening a specially crafted RSS feed, an \nattacker could potentially exploit this to cause unspecified problems. \n(CVE-2017-7848)\n\nMultiple security issues were discovered in Thunderbird. If a user were \ntricked in to opening a specially crafted website in a browsing context, \nan attacker could potentially exploit these to cause a denial of service, \nexecute arbitrary code, or cause other unspecified effects. \n(CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, \nCVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, \nCVE-2018-5117)", "edition": 7, "modified": "2018-01-29T00:00:00", "published": "2018-01-29T00:00:00", "id": "USN-3529-1", "href": "https://ubuntu.com/security/notices/USN-3529-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-02-01T07:24:35", "description": "Multiple security issues were discovered in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, spoof the origin in audio capture prompts, trick the user in to\nproviding HTTP credentials for another origin, spoof the addressbar\ncontents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,\nCVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094,\nCVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099,\nCVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103,\nCVE-2018-5104, CVE-2018-5109, CVE-2018-5114, CVE-2018-5115,\nCVE-2018-5117, CVE-2018-5122)\n\nMultiple security issues were discovered in WebExtensions. If a user\nwere tricked in to installing a specially crafted extension, an\nattacker could potentially exploit these to gain additional\nprivileges, bypass same-origin restrictions, or execute arbitrary\ncode. (CVE-2018-5105, CVE-2018-5113, CVE-2018-5116)\n\nA security issue was discovered with the developer tools. If a user\nwere tricked in to opening a specially crafted website with the\ndeveloper tools open, an attacker could potentially exploit this to\nobtain sensitive information from other origins. (CVE-2018-5106)\n\nA security issue was discovered with printing. An attacker could\npotentially exploit this to obtain sensitive information from local\nfiles. (CVE-2018-5107)\n\nIt was discovered that manually entered blob URLs could be accessed by\nsubsequent private browsing tabs. If a user were tricked in to\nentering a blob URL, an attacker could potentially exploit this to\nobtain sensitive information from a private browsing context.\n(CVE-2018-5108)\n\nIt was discovered that dragging certain specially formatted URLs to\nthe addressbar could cause the wrong URL to be displayed. If a user\nwere tricked in to opening a specially crafted website and dragging a\nURL to the addressbar, an attacker could potentially exploit this to\nspoof the addressbar contents. (CVE-2018-5111)\n\nIt was discovered that WebExtension developer tools panels could open\nnon-relative URLs. If a user were tricked in to installing a specially\ncrafted extension and running the developer tools, an attacker could\npotentially exploit this to gain additional privileges.\n(CVE-2018-5112)\n\nIt was discovered that ActivityStream images can attempt to load local\ncontent through file: URLs. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nin combination with another vulnerability that allowed sandbox\nprotections to be bypassed, in order to obtain sensitive information\nfrom local files. (CVE-2018-5118)\n\nIt was discovered that the reader view will load cross-origin content\nin violation of CORS headers. An attacker could exploit this to bypass\nCORS restrictions. (CVE-2018-5119).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 32, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-25T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : firefox vulnerabilities (USN-3544-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3544-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106347", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3544-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106347);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5090\", \"CVE-2018-5091\", \"CVE-2018-5092\", \"CVE-2018-5093\", \"CVE-2018-5094\", \"CVE-2018-5095\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5100\", \"CVE-2018-5101\", \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5105\", \"CVE-2018-5106\", \"CVE-2018-5107\", \"CVE-2018-5108\", \"CVE-2018-5109\", \"CVE-2018-5111\", \"CVE-2018-5112\", \"CVE-2018-5113\", \"CVE-2018-5114\", \"CVE-2018-5115\", \"CVE-2018-5116\", \"CVE-2018-5117\", \"CVE-2018-5118\", \"CVE-2018-5119\", \"CVE-2018-5122\");\n script_xref(name:\"USN\", value:\"3544-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : firefox vulnerabilities (USN-3544-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, spoof the origin in audio capture prompts, trick the user in to\nproviding HTTP credentials for another origin, spoof the addressbar\ncontents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,\nCVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094,\nCVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099,\nCVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103,\nCVE-2018-5104, CVE-2018-5109, CVE-2018-5114, CVE-2018-5115,\nCVE-2018-5117, CVE-2018-5122)\n\nMultiple security issues were discovered in WebExtensions. If a user\nwere tricked in to installing a specially crafted extension, an\nattacker could potentially exploit these to gain additional\nprivileges, bypass same-origin restrictions, or execute arbitrary\ncode. (CVE-2018-5105, CVE-2018-5113, CVE-2018-5116)\n\nA security issue was discovered with the developer tools. If a user\nwere tricked in to opening a specially crafted website with the\ndeveloper tools open, an attacker could potentially exploit this to\nobtain sensitive information from other origins. (CVE-2018-5106)\n\nA security issue was discovered with printing. An attacker could\npotentially exploit this to obtain sensitive information from local\nfiles. (CVE-2018-5107)\n\nIt was discovered that manually entered blob URLs could be accessed by\nsubsequent private browsing tabs. If a user were tricked in to\nentering a blob URL, an attacker could potentially exploit this to\nobtain sensitive information from a private browsing context.\n(CVE-2018-5108)\n\nIt was discovered that dragging certain specially formatted URLs to\nthe addressbar could cause the wrong URL to be displayed. If a user\nwere tricked in to opening a specially crafted website and dragging a\nURL to the addressbar, an attacker could potentially exploit this to\nspoof the addressbar contents. (CVE-2018-5111)\n\nIt was discovered that WebExtension developer tools panels could open\nnon-relative URLs. If a user were tricked in to installing a specially\ncrafted extension and running the developer tools, an attacker could\npotentially exploit this to gain additional privileges.\n(CVE-2018-5112)\n\nIt was discovered that ActivityStream images can attempt to load local\ncontent through file: URLs. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nin combination with another vulnerability that allowed sandbox\nprotections to be bypassed, in order to obtain sensitive information\nfrom local files. (CVE-2018-5118)\n\nIt was discovered that the reader view will load cross-origin content\nin violation of CORS headers. An attacker could exploit this to bypass\nCORS restrictions. (CVE-2018-5119).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3544-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"58.0+build6-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"58.0+build6-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"firefox\", pkgver:\"58.0+build6-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T07:24:35", "description": "USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web\ncompatibility regression and a tab crash during printing in some\ncircumstances. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nMultiple security issues were discovered in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, spoof the origin in audio capture prompts, trick the user in to\nproviding HTTP credentials for another origin, spoof the addressbar\ncontents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,\nCVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094,\nCVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099,\nCVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103,\nCVE-2018-5104, CVE-2018-5109, CVE-2018-5114, CVE-2018-5115,\nCVE-2018-5117, CVE-2018-5122)\n\nMultiple security issues were discovered in WebExtensions.\nIf a user were tricked in to installing a specially crafted\nextension, an attacker could potentially exploit these to\ngain additional privileges, bypass same-origin restrictions,\nor execute arbitrary code. (CVE-2018-5105, CVE-2018-5113,\nCVE-2018-5116)\n\nA security issue was discovered with the developer tools. If\na user were tricked in to opening a specially crafted\nwebsite with the developer tools open, an attacker could\npotentially exploit this to obtain sensitive information\nfrom other origins. (CVE-2018-5106)\n\nA security issue was discovered with printing. An attacker\ncould potentially exploit this to obtain sensitive\ninformation from local files. (CVE-2018-5107)\n\nIt was discovered that manually entered blob URLs could be\naccessed by subsequent private browsing tabs. If a user were\ntricked in to entering a blob URL, an attacker could\npotentially exploit this to obtain sensitive information\nfrom a private browsing context. (CVE-2018-5108)\n\nIt was discovered that dragging certain specially formatted\nURLs to the addressbar could cause the wrong URL to be\ndisplayed. If a user were tricked in to opening a specially\ncrafted website and dragging a URL to the addressbar, an\nattacker could potentially exploit this to spoof the\naddressbar contents. (CVE-2018-5111)\n\nIt was discovered that WebExtension developer tools panels\ncould open non-relative URLs. If a user were tricked in to\ninstalling a specially crafted extension and running the\ndeveloper tools, an attacker could potentially exploit this\nto gain additional privileges. (CVE-2018-5112)\n\nIt was discovered that ActivityStream images can attempt to\nload local content through file: URLs. If a user were\ntricked in to opening a specially crafted website, an\nattacker could potentially exploit this in combination with\nanother vulnerability that allowed sandbox protections to be\nbypassed, in order to obtain sensitive information from\nlocal files. (CVE-2018-5118)\n\nIt was discovered that the reader view will load\ncross-origin content in violation of CORS headers. An\nattacker could exploit this to bypass CORS restrictions.\n(CVE-2018-5119).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-13T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : firefox regressions (USN-3544-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3544-2.NASL", "href": "https://www.tenable.com/plugins/nessus/106790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3544-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106790);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5090\", \"CVE-2018-5091\", \"CVE-2018-5092\", \"CVE-2018-5093\", \"CVE-2018-5094\", \"CVE-2018-5095\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5100\", \"CVE-2018-5101\", \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5105\", \"CVE-2018-5106\", \"CVE-2018-5107\", \"CVE-2018-5108\", \"CVE-2018-5109\", \"CVE-2018-5111\", \"CVE-2018-5112\", \"CVE-2018-5113\", \"CVE-2018-5114\", \"CVE-2018-5115\", \"CVE-2018-5116\", \"CVE-2018-5117\", \"CVE-2018-5118\", \"CVE-2018-5119\", \"CVE-2018-5122\");\n script_xref(name:\"USN\", value:\"3544-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : firefox regressions (USN-3544-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web\ncompatibility regression and a tab crash during printing in some\ncircumstances. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nMultiple security issues were discovered in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, spoof the origin in audio capture prompts, trick the user in to\nproviding HTTP credentials for another origin, spoof the addressbar\ncontents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,\nCVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094,\nCVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099,\nCVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103,\nCVE-2018-5104, CVE-2018-5109, CVE-2018-5114, CVE-2018-5115,\nCVE-2018-5117, CVE-2018-5122)\n\nMultiple security issues were discovered in WebExtensions.\nIf a user were tricked in to installing a specially crafted\nextension, an attacker could potentially exploit these to\ngain additional privileges, bypass same-origin restrictions,\nor execute arbitrary code. (CVE-2018-5105, CVE-2018-5113,\nCVE-2018-5116)\n\nA security issue was discovered with the developer tools. If\na user were tricked in to opening a specially crafted\nwebsite with the developer tools open, an attacker could\npotentially exploit this to obtain sensitive information\nfrom other origins. (CVE-2018-5106)\n\nA security issue was discovered with printing. An attacker\ncould potentially exploit this to obtain sensitive\ninformation from local files. (CVE-2018-5107)\n\nIt was discovered that manually entered blob URLs could be\naccessed by subsequent private browsing tabs. If a user were\ntricked in to entering a blob URL, an attacker could\npotentially exploit this to obtain sensitive information\nfrom a private browsing context. (CVE-2018-5108)\n\nIt was discovered that dragging certain specially formatted\nURLs to the addressbar could cause the wrong URL to be\ndisplayed. If a user were tricked in to opening a specially\ncrafted website and dragging a URL to the addressbar, an\nattacker could potentially exploit this to spoof the\naddressbar contents. (CVE-2018-5111)\n\nIt was discovered that WebExtension developer tools panels\ncould open non-relative URLs. If a user were tricked in to\ninstalling a specially crafted extension and running the\ndeveloper tools, an attacker could potentially exploit this\nto gain additional privileges. (CVE-2018-5112)\n\nIt was discovered that ActivityStream images can attempt to\nload local content through file: URLs. If a user were\ntricked in to opening a specially crafted website, an\nattacker could potentially exploit this in combination with\nanother vulnerability that allowed sandbox protections to be\nbypassed, in order to obtain sensitive information from\nlocal files. (CVE-2018-5118)\n\nIt was discovered that the reader view will load\ncross-origin content in violation of CORS headers. An\nattacker could exploit this to bypass CORS restrictions.\n(CVE-2018-5119).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3544-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"58.0.2+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"58.0.2+build1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"firefox\", pkgver:\"58.0.2+build1-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T04:09:09", "description": "The version of Mozilla Firefox installed on the remote Windows host\nis prior to 58. It is, therefore, affected by multiple\nvulnerabilities, some of which allow code execution and potentially\nexploitable crashes.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-24T00:00:00", "title": "Mozilla Firefox < 58 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5121", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5110", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_58_0.NASL", "href": "https://www.tenable.com/plugins/nessus/106303", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106303);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2018-5089\",\n \"CVE-2018-5090\",\n \"CVE-2018-5091\",\n \"CVE-2018-5092\",\n \"CVE-2018-5093\",\n \"CVE-2018-5094\",\n \"CVE-2018-5095\",\n \"CVE-2018-5097\",\n \"CVE-2018-5098\",\n \"CVE-2018-5099\",\n \"CVE-2018-5100\",\n \"CVE-2018-5101\",\n \"CVE-2018-5102\",\n \"CVE-2018-5103\",\n \"CVE-2018-5104\",\n \"CVE-2018-5105\",\n \"CVE-2018-5106\",\n \"CVE-2018-5107\",\n \"CVE-2018-5108\",\n \"CVE-2018-5109\",\n \"CVE-2018-5110\",\n \"CVE-2018-5111\",\n \"CVE-2018-5112\",\n \"CVE-2018-5113\",\n \"CVE-2018-5114\",\n \"CVE-2018-5115\",\n \"CVE-2018-5116\",\n \"CVE-2018-5117\",\n \"CVE-2018-5118\",\n \"CVE-2018-5119\",\n \"CVE-2018-5121\",\n \"CVE-2018-5122\"\n );\n script_bugtraq_id(102783);\n script_xref(name:\"MFSA\", value:\"2018-02\");\n\n script_name(english:\"Mozilla Firefox < 58 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host\nis prior to 58. It is, therefore, affected by multiple\nvulnerabilities, some of which allow code execution and potentially\nexploitable crashes.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 58 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', fix:'58', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:45:31", "description": "The version of Mozilla Firefox installed on the remote macOS or Mac\nOS X host is prior to 58. It is, therefore, affected by multiple\nvulnerabilities, some of which allow code execution and potentially\nexploitable crashes.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-24T00:00:00", "title": "Mozilla Firefox < 58 Multiple Vulnerabilities (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5121", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5110", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_58_0.NASL", "href": "https://www.tenable.com/plugins/nessus/106301", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106301);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2018-5089\",\n \"CVE-2018-5090\",\n \"CVE-2018-5091\",\n \"CVE-2018-5092\",\n \"CVE-2018-5093\",\n \"CVE-2018-5094\",\n \"CVE-2018-5095\",\n \"CVE-2018-5097\",\n \"CVE-2018-5098\",\n \"CVE-2018-5099\",\n \"CVE-2018-5100\",\n \"CVE-2018-5101\",\n \"CVE-2018-5102\",\n \"CVE-2018-5103\",\n \"CVE-2018-5104\",\n \"CVE-2018-5105\",\n \"CVE-2018-5106\",\n \"CVE-2018-5107\",\n \"CVE-2018-5108\",\n \"CVE-2018-5109\",\n \"CVE-2018-5110\",\n \"CVE-2018-5111\",\n \"CVE-2018-5112\",\n \"CVE-2018-5113\",\n \"CVE-2018-5114\",\n \"CVE-2018-5115\",\n \"CVE-2018-5116\",\n \"CVE-2018-5117\",\n \"CVE-2018-5118\",\n \"CVE-2018-5119\",\n \"CVE-2018-5121\",\n \"CVE-2018-5122\"\n );\n script_bugtraq_id(102783);\n script_xref(name:\"MFSA\", value:\"2018-02\");\n\n script_name(english:\"Mozilla Firefox < 58 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by a multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote macOS or Mac\nOS X host is prior to 58. It is, therefore, affected by multiple\nvulnerabilities, some of which allow code execution and potentially\nexploitable crashes.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 58 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'58', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T02:55:02", "description": "Mozilla Foundation reports :\n\nCVE-2018-5091: Use-after-free with DTMF timers\n\nCVE-2018-5092: Use-after-free in Web Workers\n\nCVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table\nresizing\n\nCVE-2018-5094: Buffer overflow in WebAssembly with garbage collection\non uninitialized memory\n\nCVE-2018-5095: Integer overflow in Skia library during edge builder\nallocation\n\nCVE-2018-5097: Use-after-free when source document is manipulated\nduring XSLT\n\nCVE-2018-5098: Use-after-free while manipulating form input elements\n\nCVE-2018-5099: Use-after-free with widget listener\n\nCVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments\nare freed from memory\n\nCVE-2018-5101: Use-after-free with floating first-letter style\nelements\n\nCVE-2018-5102: Use-after-free in HTML media elements\n\nCVE-2018-5103: Use-after-free during mouse event handling\n\nCVE-2018-5104: Use-after-free during font face manipulation\n\nCVE-2018-5105: WebExtensions can save and execute files on local file\nsystem without user prompts\n\nCVE-2018-5106: Developer Tools can expose style editor information\ncross-origin through service worker\n\nCVE-2018-5107: Printing process will follow symlinks for local file\naccess\n\nCVE-2018-5108: Manually entered blob URL can be accessed by subsequent\nprivate browsing tabs\n\nCVE-2018-5109: Audio capture prompts and starts with incorrect origin\nattribution\n\nCVE-2018-5110: Cursor can be made invisible on OS X\n\nCVE-2018-5111: URL spoofing in addressbar through drag and drop\n\nCVE-2018-5112: Extension development tools panel can open a\nnon-relative URL in the panel\n\nCVE-2018-5113: WebExtensions can load non-HTTPS pages with\nbrowser.identity.launchWebAuthFlow\n\nCVE-2018-5114: The old value of a cookie changed to HttpOnly remains\naccessible to scripts\n\nCVE-2018-5115: Background network requests can open HTTP\nauthentication in unrelated foreground tabs\n\nCVE-2018-5116: WebExtension ActiveTab permission allows cross-origin\nframe content access\n\nCVE-2018-5117: URL spoofing with right-to-left text aligned\nleft-to-right\n\nCVE-2018-5118: Activity Stream images can attempt to load local\ncontent through file :\n\nCVE-2018-5119: Reader view will load cross-origin content in violation\nof CORS headers\n\nCVE-2018-5121: OS X Tibetan characters render incompletely in the\naddressbar\n\nCVE-2018-5122: Potential integer overflow in DoCrypt\n\nCVE-2018-5090: Memory safety bugs fixed in Firefox 58\n\nCVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR\n52.6", "edition": 32, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-24T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (a891c5b4-3d7a-4de9-9c71-eef3fd698c77)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5121", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5110", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:thunderbird", "p-cpe:/a:freebsd:freebsd:waterfox", "p-cpe:/a:freebsd:freebsd:firefox-esr"], "id": "FREEBSD_PKG_A891C5B43D7A4DE99C71EEF3FD698C77.NASL", "href": "https://www.tenable.com/plugins/nessus/106288", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106288);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5090\", \"CVE-2018-5091\", \"CVE-2018-5092\", \"CVE-2018-5093\", \"CVE-2018-5094\", \"CVE-2018-5095\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5100\", \"CVE-2018-5101\", \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5105\", \"CVE-2018-5106\", \"CVE-2018-5107\", \"CVE-2018-5108\", \"CVE-2018-5109\", \"CVE-2018-5110\", \"CVE-2018-5111\", \"CVE-2018-5112\", \"CVE-2018-5113\", \"CVE-2018-5114\", \"CVE-2018-5115\", \"CVE-2018-5116\", \"CVE-2018-5117\", \"CVE-2018-5118\", \"CVE-2018-5119\", \"CVE-2018-5121\", \"CVE-2018-5122\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (a891c5b4-3d7a-4de9-9c71-eef3fd698c77)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Foundation reports :\n\nCVE-2018-5091: Use-after-free with DTMF timers\n\nCVE-2018-5092: Use-after-free in Web Workers\n\nCVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table\nresizing\n\nCVE-2018-5094: Buffer overflow in WebAssembly with garbage collection\non uninitialized memory\n\nCVE-2018-5095: Integer overflow in Skia library during edge builder\nallocation\n\nCVE-2018-5097: Use-after-free when source document is manipulated\nduring XSLT\n\nCVE-2018-5098: Use-after-free while manipulating form input elements\n\nCVE-2018-5099: Use-after-free with widget listener\n\nCVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments\nare freed from memory\n\nCVE-2018-5101: Use-after-free with floating first-letter style\nelements\n\nCVE-2018-5102: Use-after-free in HTML media elements\n\nCVE-2018-5103: Use-after-free during mouse event handling\n\nCVE-2018-5104: Use-after-free during font face manipulation\n\nCVE-2018-5105: WebExtensions can save and execute files on local file\nsystem without user prompts\n\nCVE-2018-5106: Developer Tools can expose style editor information\ncross-origin through service worker\n\nCVE-2018-5107: Printing process will follow symlinks for local file\naccess\n\nCVE-2018-5108: Manually entered blob URL can be accessed by subsequent\nprivate browsing tabs\n\nCVE-2018-5109: Audio capture prompts and starts with incorrect origin\nattribution\n\nCVE-2018-5110: Cursor can be made invisible on OS X\n\nCVE-2018-5111: URL spoofing in addressbar through drag and drop\n\nCVE-2018-5112: Extension development tools panel can open a\nnon-relative URL in the panel\n\nCVE-2018-5113: WebExtensions can load non-HTTPS pages with\nbrowser.identity.launchWebAuthFlow\n\nCVE-2018-5114: The old value of a cookie changed to HttpOnly remains\naccessible to scripts\n\nCVE-2018-5115: Background network requests can open HTTP\nauthentication in unrelated foreground tabs\n\nCVE-2018-5116: WebExtension ActiveTab permission allows cross-origin\nframe content access\n\nCVE-2018-5117: URL spoofing with right-to-left text aligned\nleft-to-right\n\nCVE-2018-5118: Activity Stream images can attempt to load local\ncontent through file :\n\nCVE-2018-5119: Reader view will load cross-origin content in violation\nof CORS headers\n\nCVE-2018-5121: OS X Tibetan characters render incompletely in the\naddressbar\n\nCVE-2018-5122: Potential integer overflow in DoCrypt\n\nCVE-2018-5090: Memory safety bugs fixed in Firefox 58\n\nCVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR\n52.6\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2018-02/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2018-03/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/\"\n );\n # https://vuxml.freebsd.org/freebsd/a891c5b4-3d7a-4de9-9c71-eef3fd698c77.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a44141c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:waterfox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<58.0_1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"waterfox<56.0.3.63\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.49.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.49.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<52.6.0_1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<52.6.0,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul<52.6.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<52.6.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<52.6.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T01:51:36", "description": "Multiple security issues have been found in Thunderbird, which may\nlead to the execution of arbitrary code, denial of service or URL\nspoofing.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-31T00:00:00", "title": "Debian DSA-4102-1 : thunderbird - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:thunderbird", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4102.NASL", "href": "https://www.tenable.com/plugins/nessus/106509", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4102. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106509);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5091\", \"CVE-2018-5095\", \"CVE-2018-5096\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5117\");\n script_xref(name:\"DSA\", value:\"4102\");\n\n script_name(english:\"Debian DSA-4102-1 : thunderbird - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Thunderbird, which may\nlead to the execution of arbitrary code, denial of service or URL\nspoofing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/thunderbird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/thunderbird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/thunderbird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4102\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the thunderbird packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 1:52.6.0-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1:52.6.0-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"calendar-google-provider\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dbg\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dev\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-all\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ar\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ast\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-be\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-bg\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-bn-bd\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-br\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ca\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-cs\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-da\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-de\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-dsb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-el\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-en-gb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-es-ar\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-es-es\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-et\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-eu\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-fi\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-fr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-fy-nl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ga-ie\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-gd\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-gl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-he\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hsb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hu\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hy-am\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-id\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-is\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-it\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ja\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-kab\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ko\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-lt\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-nb-no\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-nl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-nn-no\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pa-in\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pt-br\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pt-pt\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-rm\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ro\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ru\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-si\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sq\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sv-se\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ta-lk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-tr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-uk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-vi\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-zh-cn\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-zh-tw\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-extension\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ar\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ast\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-be\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-bg\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-bn-bd\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-br\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ca\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-cs\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-cy\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-da\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-de\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-dsb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-el\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-en-gb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-es-ar\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-es-es\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-et\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-eu\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-fi\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-fr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-fy-nl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ga-ie\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-gd\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-gl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-he\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hsb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hu\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hy-am\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-id\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-is\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-it\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ja\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-kab\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ko\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-lt\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-nb-no\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-nl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-nn-no\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pa-in\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pt-br\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pt-pt\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-rm\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ro\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ru\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-si\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sq\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sv-se\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ta-lk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-tr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-uk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-vi\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-zh-cn\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-zh-tw\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ar\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ast\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-be\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-bg\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-bn-bd\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-br\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ca\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-cs\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-cy\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-da\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-de\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-dsb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-el\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-en-gb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-es-ar\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-es-es\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-et\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-eu\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-fi\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-fr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-fy-nl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ga-ie\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-gd\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-gl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-he\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hsb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hu\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hy-am\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-id\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-is\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-it\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ja\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-kab\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ko\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-lt\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-nb-no\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-nl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-nn-no\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pa-in\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pt-br\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pt-pt\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-rm\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ro\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ru\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-si\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sq\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sv-se\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ta-lk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-tr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-uk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-vi\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-zh-cn\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-zh-tw\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-dbg\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-dev\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-all\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ar\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ast\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-be\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-bg\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-bn-bd\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-br\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ca\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-cs\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-da\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-de\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-dsb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-el\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-en-gb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-es-ar\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-es-es\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-et\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-eu\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-fi\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-fr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-fy-nl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ga-ie\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-gd\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-gl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-he\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hsb\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hu\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hy-am\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-id\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-is\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-it\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ja\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-kab\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ko\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-lt\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-nb-no\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-nl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-nn-no\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pa-in\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pt-br\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pt-pt\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-rm\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ro\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ru\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-si\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sl\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sq\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sv-se\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ta-lk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-tr\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-uk\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-vi\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-zh-cn\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-zh-tw\", reference:\"1:52.6.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"calendar-google-provider\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-dbg\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-dev\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-all\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ar\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ast\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-be\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-bg\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-bn-bd\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-br\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ca\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-cs\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-da\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-de\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-dsb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-el\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-en-gb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-es-ar\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-es-es\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-et\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-eu\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fi\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fy-nl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ga-ie\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-gd\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-gl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-he\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hsb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hu\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hy-am\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-id\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-is\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-it\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ja\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-kab\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ko\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-lt\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nb-no\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nn-no\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pa-in\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pt-br\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pt-pt\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-rm\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ro\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ru\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-si\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sq\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sv-se\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ta-lk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-tr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-uk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-vi\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-zh-cn\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-zh-tw\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-extension\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ar\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ast\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-be\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-bg\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-bn-bd\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-br\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ca\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-cs\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-cy\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-da\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-de\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-dsb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-el\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-en-gb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-es-ar\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-es-es\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-et\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-eu\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fi\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fy-nl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ga-ie\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-gd\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-gl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-he\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hsb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hu\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hy-am\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-id\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-is\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-it\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ja\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-kab\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ko\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-lt\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nb-no\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nn-no\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pa-in\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pt-br\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pt-pt\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-rm\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ro\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ru\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-si\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sq\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sv-se\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ta-lk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-tr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-uk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-vi\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-zh-cn\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-zh-tw\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ar\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ast\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-be\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-bg\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-bn-bd\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-br\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ca\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-cs\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-cy\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-da\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-de\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-dsb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-el\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-en-gb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-es-ar\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-es-es\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-et\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-eu\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fi\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fy-nl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ga-ie\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-gd\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-gl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-he\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hsb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hu\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hy-am\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-id\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-is\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-it\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ja\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-kab\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ko\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-lt\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nb-no\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nn-no\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pa-in\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pt-br\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pt-pt\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-rm\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ro\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ru\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-si\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sq\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sv-se\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ta-lk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-tr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-uk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-vi\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-zh-cn\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-zh-tw\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-dbg\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-dev\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-all\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ar\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ast\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-be\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-bg\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-bn-bd\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-br\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ca\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-cs\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-da\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-de\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-dsb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-el\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-en-gb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-es-ar\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-es-es\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-et\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-eu\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fi\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fy-nl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ga-ie\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-gd\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-gl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-he\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hsb\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hu\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hy-am\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-id\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-is\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-it\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ja\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-kab\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ko\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-lt\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nb-no\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nn-no\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pa-in\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pt-br\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pt-pt\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-rm\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ro\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ru\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-si\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sl\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sq\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sv-se\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ta-lk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-tr\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-uk\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-vi\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-zh-cn\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-zh-tw\", reference:\"1:52.6.0-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T18:24:52", "description": "This update upgrades Firefox to version 52.6.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095,\n CVE-2018-5096, CVE-2018-5097, CVE-2018-5098,\n CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,\n CVE-2018-5104, CVE-2018-5117)\n\n - To mitigate timing-based side-channel attacks similar to\n 'Spectre' and 'Meltdown', the resolution of\n performance.now() has been reduced from 5s to 20s.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-25T00:00:00", "title": "Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20180124)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "modified": "2018-01-25T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180124_FIREFOX_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/106337", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106337);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5091\", \"CVE-2018-5095\", \"CVE-2018-5096\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5117\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20180124)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update upgrades Firefox to version 52.6.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095,\n CVE-2018-5096, CVE-2018-5097, CVE-2018-5098,\n CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,\n CVE-2018-5104, CVE-2018-5117)\n\n - To mitigate timing-based side-channel attacks similar to\n 'Spectre' and 'Meltdown', the resolution of\n performance.now() has been reduced from 5s to 20s.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1801&L=scientific-linux-errata&F=&S=&P=7859\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4aaa61c3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"firefox-52.6.0-1.el6_9\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-52.6.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-52.6.0-1.el7_4\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-52.6.0-1.el7_4\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T17:46:14", "description": "An update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.6.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2018-5089, CVE-2018-5091,\nCVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098,\nCVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104,\nCVE-2018-5117)\n\n* To mitigate timing-based side-channel attacks similar to 'Spectre'\nand 'Meltdown', the resolution of performance.now() has been reduced\nfrom 5ms to 20ms.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christian Holler, Jason Kratzer, Marcia\nKnous, Nathan Froyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson\nSmith, Cobos Alvarez, Ryan VanderMeulen, Sebastian Hengst, Karl\nTomlinson, Xidorn Quan, Ludovic Hirlimann, Jason Orendorff, Looben\nYang, Anonymous, Nils, and Xisigr as the original reporters.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-25T00:00:00", "title": "RHEL 6 / 7 : firefox (RHSA-2018:0122)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "modified": "2018-01-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-0122.NASL", "href": "https://www.tenable.com/plugins/nessus/106329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0122. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106329);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5091\", \"CVE-2018-5095\", \"CVE-2018-5096\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5117\");\n script_xref(name:\"RHSA\", value:\"2018:0122\");\n\n script_name(english:\"RHEL 6 / 7 : firefox (RHSA-2018:0122)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.6.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2018-5089, CVE-2018-5091,\nCVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098,\nCVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104,\nCVE-2018-5117)\n\n* To mitigate timing-based side-channel attacks similar to 'Spectre'\nand 'Meltdown', the resolution of performance.now() has been reduced\nfrom 5ms to 20ms.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christian Holler, Jason Kratzer, Marcia\nKnous, Nathan Froyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson\nSmith, Cobos Alvarez, Ryan VanderMeulen, Sebastian Hengst, Karl\nTomlinson, Xidorn Quan, Ludovic Hirlimann, Jason Orendorff, Looben\nYang, Anonymous, Nils, and Xisigr as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5117\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0122\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-52.6.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-52.6.0-1.el6_9\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-52.6.0-1.el7_4\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-52.6.0-1.el7_4\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T06:43:47", "description": "This update for MozillaFirefox to version 52.6 several issues. These\nsecurity issues were fixed :\n\n - CVE-2018-5091: Use-after-free with DTMF timers\n (bsc#1077291).\n\n - CVE-2018-5095: Integer overflow in Skia library during\n edge builder allocation (bsc#1077291).\n\n - CVE-2018-5096: Use-after-free while editing form\n elements (bsc#1077291).\n\n - CVE-2018-5097: Use-after-free when source document is\n manipulated during XSLT (bsc#1077291).\n\n - CVE-2018-5098: Use-after-free while manipulating form\n input elements (bsc#1077291).\n\n - CVE-2018-5099: Use-after-free with widget listener\n (bsc#1077291).\n\n - CVE-2018-5104: Use-after-free during font face\n manipulation (bsc#1077291).\n\n - CVE-2018-5089: Fixed several memory safety bugs\n (bsc#1077291).\n\n - CVE-2018-5117: URL spoofing with right-to-left text\n aligned left-to-right (bsc#1077291).\n\n - CVE-2018-5102: Use-after-free in HTML media elements\n (bsc#1077291).\n\n - CVE-2018-5103: Use-after-free during mouse event\n handling (bsc#1077291).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-07T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:0374-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:MozillaFirefox-devel"], "id": "SUSE_SU-2018-0374-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106654", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0374-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106654);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5091\", \"CVE-2018-5095\", \"CVE-2018-5096\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5117\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:0374-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox to version 52.6 several issues. These\nsecurity issues were fixed :\n\n - CVE-2018-5091: Use-after-free with DTMF timers\n (bsc#1077291).\n\n - CVE-2018-5095: Integer overflow in Skia library during\n edge builder allocation (bsc#1077291).\n\n - CVE-2018-5096: Use-after-free while editing form\n elements (bsc#1077291).\n\n - CVE-2018-5097: Use-after-free when source document is\n manipulated during XSLT (bsc#1077291).\n\n - CVE-2018-5098: Use-after-free while manipulating form\n input elements (bsc#1077291).\n\n - CVE-2018-5099: Use-after-free with widget listener\n (bsc#1077291).\n\n - CVE-2018-5104: Use-after-free during font face\n manipulation (bsc#1077291).\n\n - CVE-2018-5089: Fixed several memory safety bugs\n (bsc#1077291).\n\n - CVE-2018-5117: URL spoofing with right-to-left text\n aligned left-to-right (bsc#1077291).\n\n - CVE-2018-5102: Use-after-free in HTML media elements\n (bsc#1077291).\n\n - CVE-2018-5103: Use-after-free during mouse event\n handling (bsc#1077291).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5089/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5091/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5095/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5097/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5098/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5099/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5102/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5103/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5104/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5117/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180374-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?babf11be\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2018-263=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-263=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-263=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-263=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-263=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-263=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-263=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-263=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-263=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-263=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-263=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debugsource-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-devel-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-translations-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debugsource-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-devel-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-translations-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debuginfo-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debugsource-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-translations-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debugsource-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-translations-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-52.6.0esr-109.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-52.6.0esr-109.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T17:22:11", "description": "From Red Hat Security Advisory 2018:0122 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.6.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2018-5089, CVE-2018-5091,\nCVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098,\nCVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104,\nCVE-2018-5117)\n\n* To mitigate timing-based side-channel attacks similar to 'Spectre'\nand 'Meltdown', the resolution of performance.now() has been reduced\nfrom 5ms to 20ms.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christian Holler, Jason Kratzer, Marcia\nKnous, Nathan Froyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson\nSmith, Cobos Alvarez, Ryan VanderMeulen, Sebastian Hengst, Karl\nTomlinson, Xidorn Quan, Ludovic Hirlimann, Jason Orendorff, Looben\nYang, Anonymous, Nils, and Xisigr as the original reporters.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-25T00:00:00", "title": "Oracle Linux 6 / 7 : firefox (ELSA-2018-0122)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "modified": "2018-01-25T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-0122.NASL", "href": "https://www.tenable.com/plugins/nessus/106327", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:0122 and \n# Oracle Linux Security Advisory ELSA-2018-0122 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106327);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-5089\", \"CVE-2018-5091\", \"CVE-2018-5095\", \"CVE-2018-5096\", \"CVE-2018-5097\", \"CVE-2018-5098\", \"CVE-2018-5099\", \"CVE-2018-5102\", \"CVE-2018-5103\", \"CVE-2018-5104\", \"CVE-2018-5117\");\n script_xref(name:\"RHSA\", value:\"2018:0122\");\n\n script_name(english:\"Oracle Linux 6 / 7 : firefox (ELSA-2018-0122)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2018:0122 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 6\nand Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.6.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2018-5089, CVE-2018-5091,\nCVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098,\nCVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104,\nCVE-2018-5117)\n\n* To mitigate timing-based side-channel attacks similar to 'Spectre'\nand 'Meltdown', the resolution of performance.now() has been reduced\nfrom 5ms to 20ms.\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Christian Holler, Jason Kratzer, Marcia\nKnous, Nathan Froyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson\nSmith, Cobos Alvarez, Ryan VanderMeulen, Sebastian Hengst, Karl\nTomlinson, Xidorn Quan, Ludovic Hirlimann, Jason Orendorff, Looben\nYang, Anonymous, Nils, and Xisigr as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-January/007472.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-January/007473.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"firefox-52.6.0-1.0.1.el6_9\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-52.6.0-1.0.1.el7_4\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5121", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5110", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "description": "\nMozilla Foundation reports:\n\nCVE-2018-5091: Use-after-free with DTMF timers\nCVE-2018-5092: Use-after-free in Web Workers\nCVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing\nCVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory\nCVE-2018-5095: Integer overflow in Skia library during edge builder allocation\nCVE-2018-5097: Use-after-free when source document is manipulated during XSLT\nCVE-2018-5098: Use-after-free while manipulating form input elements\nCVE-2018-5099: Use-after-free with widget listener\nCVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory\nCVE-2018-5101: Use-after-free with floating first-letter style elements\nCVE-2018-5102: Use-after-free in HTML media elements\nCVE-2018-5103: Use-after-free during mouse event handling\nCVE-2018-5104: Use-after-free during font face manipulation\nCVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts\nCVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker\nCVE-2018-5107: Printing process will follow symlinks for local file access\nCVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs\nCVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution\nCVE-2018-5110: Cursor can be made invisible on OS X\nCVE-2018-5111: URL spoofing in addressbar through drag and drop\nCVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel\nCVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow\nCVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts\nCVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs\nCVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access\nCVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right\nCVE-2018-5118: Activity Stream images can attempt to load local content through file:\nCVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers\nCVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar\nCVE-2018-5122: Potential integer overflow in DoCrypt\nCVE-2018-5090: Memory safety bugs fixed in Firefox 58\nCVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6\n\n", "edition": 8, "modified": "2018-01-29T00:00:00", "published": "2018-01-23T00:00:00", "id": "A891C5B4-3D7A-4DE9-9C71-EEF3FD698C77", "href": "https://vuxml.freebsd.org/freebsd/a891c5b4-3d7a-4de9-9c71-eef3fd698c77.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T12:00:42", "bulletinFamily": "info", "cvelist": ["CVE-2018-5101", "CVE-2018-5111", "CVE-2018-5106", "CVE-2018-5097", "CVE-2018-5108", "CVE-2018-5090", "CVE-2018-5100", "CVE-2018-5107", "CVE-2018-5089", "CVE-2018-5122", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5121", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5094", "CVE-2018-5092", "CVE-2018-5109", "CVE-2018-5114", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5110", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5103", "CVE-2018-5116", "CVE-2018-5093", "CVE-2018-5113", "CVE-2018-5099", "CVE-2018-5115", "CVE-2018-5112", "CVE-2018-5119"], "description": "### *Detect date*:\n01/23/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass security restrictions and gain privileges.\n\n### *Affected products*:\nMozilla Firefox versions earlier then 58 \nMozilla Firefox ESR versions earlier then 52.6\n\n### *Solution*:\nUpdate to the latest version \n[Download Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Download Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisory 2018-02](<https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/>) \n[Mozilla Foundation Security Advisory 2018-03](<https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2018-5091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5091>)9.8Critical \n[CVE-2018-5095](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5095>)9.8Critical \n[CVE-2018-5096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5096>)9.8Critical \n[CVE-2018-5097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5097>)9.8Critical \n[CVE-2018-5098](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5098>)9.8Critical \n[CVE-2018-5099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5099>)9.8Critical \n[CVE-2018-5102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102>)9.8Critical \n[CVE-2018-5103](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5103>)9.8Critical \n[CVE-2018-5104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5104>)9.8Critical \n[CVE-2018-5117](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5117>)5.3High \n[CVE-2018-5089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089>)9.8Critical \n[CVE-2018-5092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5092>)7.5Critical \n[CVE-2018-5093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5093>)5.0Critical \n[CVE-2018-5094](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5094>)5.0Critical \n[CVE-2018-5100](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5100>)5.0Critical \n[CVE-2018-5101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5101>)5.0Critical \n[CVE-2018-5105](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5105>)7.2High \n[CVE-2018-5106](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5106>)5.0Critical \n[CVE-2018-5107](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5107>)5.0Critical \n[CVE-2018-5108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5108>)4.3Warning \n[CVE-2018-5109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5109>)5.0Critical \n[CVE-2018-5110](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5110>)5.0Critical \n[CVE-2018-5111](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5111>)4.3Warning \n[CVE-2018-5112](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5112>)5.0Critical \n[CVE-2018-5113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5113>)5.0Critical \n[CVE-2018-5114](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5114>)5.0Critical \n[CVE-2018-5115](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5115>)5.0Critical \n[CVE-2018-5116](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5116>)7.5Critical \n[CVE-2018-5118](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5118>)5.0Critical \n[CVE-2018-5119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5119>)5.0Critical \n[CVE-2018-5121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5121>)5.0Critical \n[CVE-2018-5122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5122>)7.5Critical \n[CVE-2018-5090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5090>)10.0Critical", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2018-01-23T00:00:00", "id": "KLA11184", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11184", "title": "\r KLA11184Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:51:55", "bulletinFamily": "info", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "### *Detect date*:\n01/25/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface and execute arbitrary code.\n\n### *Affected products*:\nMozilla Thunderbird earlier than 52.6\n\n### *Solution*:\nUpdate to the latest version \n[Download Mozilla Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisory 2018-04](<https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2018-5095](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5095>)9.8Critical \n[CVE-2018-5096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5096>)9.8Critical \n[CVE-2018-5097](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5097>)9.8Critical \n[CVE-2018-5098](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5098>)9.8Critical \n[CVE-2018-5099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5099>)9.8Critical \n[CVE-2018-5102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102>)9.8Critical \n[CVE-2018-5103](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5103>)9.8Critical \n[CVE-2018-5104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5104>)9.8Critical \n[CVE-2018-5117](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5117>)5.3High \n[CVE-2018-5089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089>)9.8Critical", "edition": 40, "modified": "2020-05-22T00:00:00", "published": "2018-01-25T00:00:00", "id": "KLA11186", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11186", "title": "\r KLA11186Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-02-06T18:54:25", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "This update for MozillaFirefox to version 52.6 several issues.\n\n These security issues were fixed:\n\n - CVE-2018-5091: Use-after-free with DTMF timers (bsc#1077291).\n - CVE-2018-5095: Integer overflow in Skia library during edge builder\n allocation (bsc#1077291).\n - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).\n - CVE-2018-5097: Use-after-free when source document is manipulated during\n XSLT (bsc#1077291).\n - CVE-2018-5098: Use-after-free while manipulating form input elements\n (bsc#1077291).\n - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).\n - CVE-2018-5104: Use-after-free during font face manipulation\n (bsc#1077291).\n - CVE-2018-5089: Fixed several memory safety bugs (bsc#1077291).\n - CVE-2018-5117: URL spoofing with right-to-left text aligned\n left-to-right (bsc#1077291).\n - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).\n - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).\n\n", "edition": 1, "modified": "2018-02-06T15:08:58", "published": "2018-02-06T15:08:58", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00007.html", "id": "SUSE-SU-2018:0374-1", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-01-25T06:53:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "This update for MozillaFirefox fixes the following issues:\n\n - update to Firefox 52.6esr (boo#1077291) MFSA 2018-01\n * Speculative execution side-channel attack ("Spectre") MFSA 2018-03\n * CVE-2018-5091 (bmo#1423086) Use-after-free with DTMF timers\n * CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during\n edge builder allocation\n * CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements\n * CVE-2018-5097 (bmo#1387427) Use-after-free when source document is\n manipulated during XSLT\n * CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form\n input elements\n * CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener\n * CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements\n * CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling\n * CVE-2018-5104 (bmo#1425000) Use-after-free during font face\n manipulation\n * CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text\n aligned left-to-right\n * CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR\n 52.6\n\n - Added additional patches and configurations to fix builds on s390 and\n PowerPC.\n * Added firefox-glibc-getrandom.patch effecting builds on s390 and\n PowerPC\n * Added mozilla-s390-bigendian.patch along with icudt58b.dat bigendian\n ICU data file for running Firefox on bigendian architectures\n (bmo#1322212 and bmo#1264836)\n * Added mozilla-s390-nojit.patch to enable atomic operations used by the\n JS engine when JIT is disabled on s390\n * Build configuration options specific to s390\n * Requires NSS >= 3.29.5\n\n", "edition": 1, "modified": "2018-01-25T03:07:50", "published": "2018-01-25T03:07:50", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00054.html", "id": "OPENSUSE-SU-2018:0203-1", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-02-05T14:54:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "This update for MozillaFirefox to version ESR 52.6 fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2018-5091: Use-after-free with DTMF timers (bsc#1077291).\n - CVE-2018-5095: Integer overflow in Skia library during edge builder\n allocation (bsc#1077291).\n - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).\n - CVE-2018-5097: Use-after-free when source document is manipulated during\n XSLT (bsc#1077291).\n - CVE-2018-5098: Use-after-free while manipulating form input elements\n (bsc#1077291).\n - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).\n - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).\n - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).\n - CVE-2018-5104: Use-after-free during font face manipulation\n (bsc#1077291).\n - CVE-2018-5117: URL spoofing with right-to-left text aligned\n left-to-right (bsc#1077291).\n - CVE-2018-5089: Various memory safety bugs (bsc#1077291).\n\n", "edition": 1, "modified": "2018-02-05T12:10:18", "published": "2018-02-05T12:10:18", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00005.html", "id": "SUSE-SU-2018:0361-1", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-01-28T06:53:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "This update for MozillaThunderbird to version 52.6 fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2018-5095: Integer overflow in Skia library during edge builder\n allocation (bsc#1077291).\n - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).\n - CVE-2018-5097: Use-after-free when source document is manipulated during\n XSLT (bsc#1077291).\n - CVE-2018-5098: Use-after-free while manipulating form input elements\n (bsc#1077291).\n - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).\n - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).\n - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).\n - CVE-2018-5104: Use-after-free during font face manipulation\n (bsc#1077291).\n - CVE-2018-5117: URL spoofing with right-to-left text aligned\n left-to-right (bsc#1077291).\n - CVE-2018-5089: Various memory safety bugs (bsc#1077291).\n\n These security issues were fixed:\n\n - Searching message bodies of messages in local folders, including filter\n and quick filter operations, not working reliably: Content not found in\n base64-encode message parts, non-ASCII text not found and false\n positives found.\n - Defective messages (without at least one expected header) not shown in\n IMAP folders but shown on mobile devices\n - Calendar: Unintended task deletion if numlock is enabled\n\n", "edition": 1, "modified": "2018-01-28T03:07:01", "published": "2018-01-28T03:07:01", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00077.html", "id": "OPENSUSE-SU-2018:0257-1", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-01-28T06:53:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "This update for MozillaThunderbird to version 52.6 fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2018-5095: Integer overflow in Skia library during edge builder\n allocation (bsc#1077291).\n - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).\n - CVE-2018-5097: Use-after-free when source document is manipulated during\n XSLT (bsc#1077291).\n - CVE-2018-5098: Use-after-free while manipulating form input elements\n (bsc#1077291).\n - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).\n - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).\n - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).\n - CVE-2018-5104: Use-after-free during font face manipulation\n (bsc#1077291).\n - CVE-2018-5117: URL spoofing with right-to-left text aligned\n left-to-right (bsc#1077291).\n - CVE-2018-5089: Various memory safety bugs (bsc#1077291).\n\n These security issues were fixed:\n\n - Searching message bodies of messages in local folders, including filter\n and quick filter operations, not working reliably: Content not found in\n base64-encode message parts, non-ASCII text not found and false\n positives found.\n - Defective messages (without at least one expected header) not shown in\n IMAP folders but shown on mobile devices\n - Calendar: Unintended task deletion if numlock is enabled\n\n", "edition": 1, "modified": "2018-01-28T03:06:46", "published": "2018-01-28T03:06:46", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00076.html", "id": "OPENSUSE-SU-2018:0256-1", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "cvss": {"score": 0.0, "vector": "NONE"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:12:39", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "[52.6.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n- Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484]\n[52.6.0-1]\n- Update to 52.6.0 ESR", "edition": 6, "modified": "2018-01-24T00:00:00", "published": "2018-01-24T00:00:00", "id": "ELSA-2018-0122", "href": "http://linux.oracle.com/errata/ELSA-2018-0122.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:32", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "[52.6.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[52.6.0-1]\n- Update to 52.6.0", "edition": 5, "modified": "2018-02-01T00:00:00", "published": "2018-02-01T00:00:00", "id": "ELSA-2018-0262", "href": "http://linux.oracle.com/errata/ELSA-2018-0262.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5096", "CVE-2018-5097", "CVE-2018-5098", "CVE-2018-5099", "CVE-2018-5102", "CVE-2018-5103", "CVE-2018-5104", "CVE-2018-5117"], "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.6.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)\n\n* To mitigate timing-based side-channel attacks similar to \"Spectre\" and \"Meltdown\", the resolution of performance.now() has been reduced from 5\u03bcs to 20\u03bcs.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Jason Kratzer, Marcia Knous, Nathan Froyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson Smith, Cobos \u00c1lvarez, Ryan VanderMeulen, Sebastian Hengst, Karl Tomlinson, Xidorn Quan, Ludovic Hirlimann, Jason Orendorff, Looben Yang, Anonymous, Nils, and Xisigr as the original reporters.", "modified": "2018-06-07T18:23:04", "published": "2018-01-24T11:19:55", "id": "RHSA-2018:0122", "href": "https://access.redhat.com/errata/RHSA-2018:0122", "type": "redhat", "title": "(RHSA-2018:0122) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:35", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5089", "CVE-2018-5095", "CVE-2018-5096", "CVE-2018-5097", "CVE-2018-5098", "CVE-2018-5099", "CVE-2018-5102", "CVE-2018-5103", "CVE-2018-5104", "CVE-2018-5117"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.6.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Jason Kratzer, Marcia Knous, Nathan Froyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson Smith, Cobos \u00c1lvarez, Ryan VanderMeulen, Sebastian Hengst, Karl Tomlinson, Xidorn Quan, Ludovic Hirlimann, Jason Orendorff, Anonymous, Nils, and Xisigr as the original reporters.", "modified": "2018-06-07T18:23:13", "published": "2018-02-01T15:39:33", "id": "RHSA-2018:0262", "href": "https://access.redhat.com/errata/RHSA-2018:0262", "type": "redhat", "title": "(RHSA-2018:0262) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-01-11T01:29:25", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4096-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 25, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 \n CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 \n CVE-2018-5103 CVE-2018-5104 CVE-2018-5117\n\nSeveral security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, integer\noverflows and other implementation errors may lead to the execution of\narbitrary code, denial of service or URL spoofing.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 52.6.0esr-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 52.6.0esr-1~deb9u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFor the detailed security status of firefox-esr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/firefox-esr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 23, "modified": "2018-01-25T02:00:02", "published": "2018-01-25T02:00:02", "id": "DEBIAN:DSA-4096-1:61DE9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00018.html", "title": "[SECURITY] [DSA 4096-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "Package : firefox-esr\nVersion : 52.6.0esr-1~deb7u1\nCVE ID : CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096\n CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102\n CVE-2018-5103 CVE-2018-5104 CVE-2018-5117\n\nSeveral security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code or denial\nof service.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n52.6.0esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2018-01-24T23:58:15", "published": "2018-01-24T23:58:15", "id": "DEBIAN:DLA-1256-1:43AD2", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201801/msg00030.html", "title": "[SECURITY] [DLA 1256-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-17T13:32:58", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4102-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 30, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nCVE ID : CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 \n CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 \n CVE-2018-5103 CVE-2018-5104 CVE-2018-5117\n\nMultiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code, denial of service or URL spoofing.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1:52.6.0-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:52.6.0-1~deb9u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 17, "modified": "2018-01-30T20:23:46", "published": "2018-01-30T20:23:46", "id": "DEBIAN:DSA-4102-1:E4889", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00025.html", "title": "[SECURITY] [DSA 4102-1] thunderbird security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:29", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "Package : thunderbird\nVersion : 1:52.6.0-1~deb7u1\nCVE ID : CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 \n CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 \n CVE-2018-5104 CVE-2018-5117\nDebian Bug : 885157 885158 887766\n\nMultiple security issues have been found in the Mozilla Thunderbird mail\nclient: Multiple memory safety errors, use after free, integer overflows\nand other implementation errors may lead to crashes or the execution of\narbitrary code.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:52.6.0-1~deb7u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2018-01-29T12:22:47", "published": "2018-01-29T12:22:47", "id": "DEBIAN:DLA-1262-1:ADF42", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201801/msg00036.html", "title": "[SECURITY] [DLA 1262-1] thunderbird security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:37:32", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "**CentOS Errata and Security Advisory** CESA-2018:0122\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 52.6.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)\n\n* To mitigate timing-based side-channel attacks similar to \"Spectre\" and \"Meltdown\", the resolution of performance.now() has been reduced from 5\u03bcs to 20\u03bcs.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Jason Kratzer, Marcia Knous, Nathan Froyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson Smith, Cobos \u00c1lvarez, Ryan VanderMeulen, Sebastian Hengst, Karl Tomlinson, Xidorn Quan, Ludovic Hirlimann, Jason Orendorff, Looben Yang, Anonymous, Nils, and Xisigr as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/034754.html\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/034755.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\n", "edition": 5, "modified": "2018-01-25T06:38:48", "published": "2018-01-25T06:37:52", "id": "CESA-2018:0122", "href": "http://lists.centos.org/pipermail/centos-announce/2018-January/034754.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-08T03:35:59", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2018-5102", "CVE-2018-5117", "CVE-2018-5104", "CVE-2018-5103", "CVE-2018-5099"], "description": "**CentOS Errata and Security Advisory** CESA-2018:0262\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.6.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Jason Kratzer, Marcia Knous, Nathan Froyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson Smith, Cobos \u00c1lvarez, Ryan VanderMeulen, Sebastian Hengst, Karl Tomlinson, Xidorn Quan, Ludovic Hirlimann, Jason Orendorff, Anonymous, Nils, and Xisigr as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-February/034799.html\nhttp://lists.centos.org/pipermail/centos-announce/2018-February/034800.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "edition": 5, "modified": "2018-02-01T23:45:44", "published": "2018-02-01T23:44:38", "id": "CESA-2018:0262", "href": "http://lists.centos.org/pipermail/centos-announce/2018-February/034799.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:52:39", "description": "The \"browser.identity.launchWebAuthFlow\" function of WebExtensions is only allowed to load content over \"https:\" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-11T21:29:00", "title": "CVE-2018-5113", "type": "cve", "cwe": ["CWE-862"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5113"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:mozilla:firefox:57.0.4", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-5113", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5113", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:57.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:39", "description": "Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-11T21:29:00", "title": "CVE-2018-5090", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5090"], "modified": "2018-06-25T17:28:00", "cpe": ["cpe:/a:mozilla:firefox:57.0.4", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-5090", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5090", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:57.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:39", "description": "If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-11T21:29:00", "title": "CVE-2018-5115", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5115"], "modified": "2018-06-25T18:41:00", "cpe": ["cpe:/a:mozilla:firefox:57.0.4", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-5115", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5115", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:57.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:39", "description": "A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-11T21:29:00", "title": "CVE-2018-5092", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5092"], "modified": "2018-06-25T17:31:00", "cpe": ["cpe:/a:mozilla:firefox:57.0.4", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-5092", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5092", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:57.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:39", "description": "A use-after-free vulnerability can occur when manipulating floating \"first-letter\" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-11T21:29:00", "title": "CVE-2018-5101", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5101"], "modified": "2018-06-22T19:55:00", "cpe": ["cpe:/a:mozilla:firefox:57.0.4", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-5101", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5101", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:57.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:39", "description": "An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2018-06-11T21:29:00", "title": "CVE-2018-5109", "type": "cve", "cwe": ["CWE-346"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5109"], "modified": "2018-06-25T17:43:00", "cpe": ["cpe:/a:mozilla:firefox:57.0.4", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-5109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5109", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:57.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:39", "description": "When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-11T21:29:00", "title": "CVE-2018-5111", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5111"], "modified": "2018-06-25T17:44:00", "cpe": ["cpe:/a:mozilla:firefox:57.0.4", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-5111", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5111", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:57.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:39", "description": "A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.", "edition": 10, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-11T21:29:00", "title": "CVE-2018-5091", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5091"], "modified": "2018-08-09T16:29:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-5091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5091", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:39", "description": "A use-after-free vulnerability can occur when arguments passed to the \"IsPotentiallyScrollable\" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-11T21:29:00", "title": "CVE-2018-5100", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5100"], "modified": "2018-06-22T19:53:00", "cpe": ["cpe:/a:mozilla:firefox:57.0.4", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-5100", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5100", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:57.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:39", "description": "Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-11T21:29:00", "title": "CVE-2018-5112", "type": "cve", "cwe": ["CWE-552"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5112"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:mozilla:firefox:57.0.4", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-5112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5112", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:57.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}]}
