## Releases
* Ubuntu 19.04
* Ubuntu 18.10
* Ubuntu 18.04 ESM
* Ubuntu 16.04 ESM
## Packages
* thunderbird \- Mozilla Open Source mail and newsgroup client
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
bypass same-origin protections, or execute arbitrary code.
(CVE-2019-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693,
CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820)
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service, or execute
arbitrary code. (CVE-2019-5798, CVE-2019-7317)
A type confusion bug was discovered with object groups and UnboxedObjects.
If a user were tricked in to opening a specially crafted website in a
browsing context after enabling the UnboxedObjects feature, an attacker
could potentially exploit this to bypass security checks. (CVE-2019-9816)
It was discovered that history data could be exposed via drag and drop
of hyperlinks to and from bookmarks. If a user were tricked in to dragging
a specially crafted hyperlink to a bookmark toolbar or sidebar, and
subsequently back in to the web content area, an attacker could
potentially exploit this to obtain sensitive information. (CVE-2019-11698)
{"nessus": [{"lastseen": "2021-12-23T02:33:20", "description": "Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin protections, or execute arbitrary code.\n(CVE-2019-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820)\n\nMultiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-5798, CVE-2019-7317)\n\nA type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website in a browsing context after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816)\n\nIt was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to a bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information.\n(CVE-2019-11698).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-29T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Thunderbird vulnerabilities (USN-3997-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-18511", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-3997-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125545", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3997-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125545);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-18511\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"USN\", value:\"3997-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Thunderbird vulnerabilities (USN-3997-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in Thunderbird. If a user\nwere tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit these to cause a denial\nof service, bypass same-origin protections, or execute arbitrary code.\n(CVE-2019-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693,\nCVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819,\nCVE-2019-9820)\n\nMultiple security issues were discovered in Thunderbird. If a user\nwere tricked in to opening a specially crafted message, an attacker\ncould potentially exploit these to cause a denial of service, or\nexecute arbitrary code. (CVE-2019-5798, CVE-2019-7317)\n\nA type confusion bug was discovered with object groups and\nUnboxedObjects. If a user were tricked in to opening a specially\ncrafted website in a browsing context after enabling the\nUnboxedObjects feature, an attacker could potentially exploit this to\nbypass security checks. (CVE-2019-9816)\n\nIt was discovered that history data could be exposed via drag and drop\nof hyperlinks to and from bookmarks. If a user were tricked in to\ndragging a specially crafted hyperlink to a bookmark toolbar or\nsidebar, and subsequently back in to the web content area, an attacker\ncould potentially exploit this to obtain sensitive information.\n(CVE-2019-11698).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3997-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"thunderbird\", pkgver:\"1:60.7.0+build1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"thunderbird\", pkgver:\"1:60.7.0+build1-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"thunderbird\", pkgver:\"1:60.7.0+build1-0ubuntu0.18.10.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"thunderbird\", pkgver:\"1:60.7.0+build1-0ubuntu0.19.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:29:41", "description": "An update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-05-24T00:00:00", "type": "nessus", "title": "RHEL 6 : firefox (RHSA-2019:1267)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-1267.NASL", "href": "https://www.tenable.com/plugins/nessus/125383", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1267. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125383);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"RHSA\", value:\"2019:1267\");\n\n script_name(english:\"RHEL 6 : firefox (RHSA-2019:1267)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects\n(CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-18511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11698\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1267\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"firefox-debuginfo-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"firefox-debuginfo-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"firefox-debuginfo-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:29:41", "description": "Security Fix(es) :\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n - chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)", "cvss3": {}, "published": "2019-05-28T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190523)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190523_FIREFOX_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/125447", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125447);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190523)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and\n Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Cross-origin theft of images with\n createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Type confusion with object groups and\n UnboxedObjects (CVE-2019-9816)\n\n - Mozilla: Stealing of cross-domain images using canvas\n (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API\n (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by\n DocShell (CVE-2019-9820)\n\n - Mozilla: Use-after-free in XMLHttpRequest\n (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event\n listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux\n (CVE-2019-11693)\n\n - mozilla: Cross-origin theft of images with\n ImageBitmapRenderingContext (CVE-2018-18511)\n\n - chromium-browser: Out of bounds read in Skia\n (CVE-2019-5798)\n\n - Mozilla: Theft of user history data through drag and\n drop of hyperlinks to and from bookmarks\n (CVE-2019-11698)\n\n - libpng: use-after-free in png_image_free in png.c\n (CVE-2019-7317)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1905&L=SCIENTIFIC-LINUX-ERRATA&P=6485\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c08fdc1\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"firefox-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:33:20", "description": "Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.", "cvss3": {}, "published": "2019-05-23T00:00:00", "type": "nessus", "title": "Debian DSA-4448-1 : firefox-esr - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-07-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4448.NASL", "href": "https://www.tenable.com/plugins/nessus/125343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4448. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125343);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/07/26 16:46:13\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"DSA\", value:\"4448\");\n\n script_name(english:\"Debian DSA-4448-1 : firefox-esr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4448\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the firefox-esr packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 60.7.0esr-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-dev\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-af\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-all\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-an\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-as\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-az\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-br\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cak\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-da\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-de\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-el\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-et\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-he\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-id\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-is\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-it\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ka\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kab\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-km\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-or\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-si\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-son\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-te\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-th\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-dev\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ach\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-af\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-all\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-an\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ar\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-as\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ast\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-az\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bg\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-br\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bs\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ca\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cak\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cs\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cy\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-da\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-de\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-el\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-eo\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-et\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-eu\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fa\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ff\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fi\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fr\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gd\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gn\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-he\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hr\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hu\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-id\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-is\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-it\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ja\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ka\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kab\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kk\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-km\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kn\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ko\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lij\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lt\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lv\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mai\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mk\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ml\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mr\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ms\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-or\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-rm\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ro\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ru\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-si\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sk\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sl\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-son\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sq\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sr\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ta\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-te\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-th\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-tr\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-uk\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-uz\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-vi\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-xh\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"60.7.0esr-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:33:20", "description": "Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 60.7.0esr-1~deb8u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-24T00:00:00", "type": "nessus", "title": "Debian DLA-1800-1 : firefox-esr security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "p-cpe:/a:debian:debian_linux:firefox-esr-dbg", "p-cpe:/a:debian:debian_linux:firefox-esr-dev", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceweasel", "p-cpe:/a:debian:debian_linux:iceweasel-dbg", "p-cpe:/a:debian:debian_linux:iceweasel-dev", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-af", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-all", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-an", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-as", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-az", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-be", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-da", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-de", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-el", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-et", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-he", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-id", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-is", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-it", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-km", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-or", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-si", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-son", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-te", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-th", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1800.NASL", "href": "https://www.tenable.com/plugins/nessus/125374", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1800-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125374);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n\n script_name(english:\"Debian DLA-1800-1 : firefox-esr security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n60.7.0esr-1~deb8u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/firefox-esr\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dbg\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dev\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-af\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-all\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-an\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-as\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-az\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-be\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-br\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-da\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-de\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-el\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-et\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-he\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-id\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-is\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-it\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-km\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-or\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-si\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-son\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-te\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-th\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-az\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gn\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uz\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"60.7.0esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:33:19", "description": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-05-24T00:00:00", "type": "nessus", "title": "RHEL 8 : firefox (RHSA-2019:1269)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "p-cpe:/a:redhat:enterprise_linux:firefox-debugsource", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-1269.NASL", "href": "https://www.tenable.com/plugins/nessus/125385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1269. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125385);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"RHSA\", value:\"2019:1269\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2019:1269)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects\n(CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-18511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11698\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected firefox, firefox-debuginfo and / or\nfirefox-debugsource packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1269\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"firefox-60.7.0-1.el8_0\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"firefox-60.7.0-1.el8_0\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"firefox-debuginfo-60.7.0-1.el8_0\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"firefox-debuginfo-60.7.0-1.el8_0\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"firefox-debugsource-60.7.0-1.el8_0\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"firefox-debugsource-60.7.0-1.el8_0\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo / firefox-debugsource\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:31:42", "description": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-05-30T00:00:00", "type": "nessus", "title": "CentOS 7 : firefox (CESA-2019:1265)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-1265.NASL", "href": "https://www.tenable.com/plugins/nessus/125553", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1265 and \n# CentOS Errata and Security Advisory 2019:1265 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125553);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"RHSA\", value:\"2019:1265\");\n\n script_name(english:\"CentOS 7 : firefox (CESA-2019:1265)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects\n(CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-May/023317.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29fd3e21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11691\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-60.7.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-19T16:04:28", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities:\n\n - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9816)\n\n - png_image_free in png.c in libpng 1.6.36 has a use- after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317)\n\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-11698)\n\n - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed.\n This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\n This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux.\n This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.\n (CVE-2019-11693)\n\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797)\n\n - Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9800)\n\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9817)\n\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9820)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0159)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-06T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0159_FIREFOX.NASL", "href": "https://www.tenable.com/plugins/nessus/127439", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0159. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127439);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\"\n );\n script_bugtraq_id(107009);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0159)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected\nby multiple vulnerabilities:\n\n - A possible vulnerability exists where type confusion can\n occur when manipulating JavaScript objects in object\n groups, allowing for the bypassing of security checks\n within these groups. *Note: this vulnerability has only\n been demonstrated with UnboxedObjects, which are\n disabled by default on all supported releases.*. This\n vulnerability affects Thunderbird < 60.7, Firefox < 67,\n and Firefox ESR < 60.7. (CVE-2019-9816)\n\n - png_image_free in png.c in libpng 1.6.36 has a use-\n after-free because png_image_free_function is called\n under png_safe_execute. (CVE-2019-7317)\n\n - If a crafted hyperlink is dragged and dropped to the\n bookmark bar or sidebar and the resulting bookmark is\n subsequently dragged and dropped into the web content\n area, an arbitrary query of a user's browser history can\n be run and transmitted to the content page via drop\n event data. This allows for the theft of browser history\n by a malicious site. This vulnerability affects\n Thunderbird < 60.7, Firefox < 67, and Firefox ESR <\n 60.7. (CVE-2019-11698)\n\n - Lack of correct bounds checking in Skia in Google Chrome\n prior to 73.0.3683.75 allowed a remote attacker to\n perform an out of bounds memory read via a crafted HTML\n page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in\n violation of the same-origin policy using the\n transferFromImageBitmap method. *Note: This only affects\n Firefox 65. Previous versions are unaffected.*. This\n vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - A use-after-free vulnerability can occur when working\n with XMLHttpRequest (XHR) in an event loop, causing the\n XHR main thread to be called after it has been freed.\n This results in a potentially exploitable crash. This\n vulnerability affects Thunderbird < 60.7, Firefox < 67,\n and Firefox ESR < 60.7. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners\n are removed from the event listener manager while still\n in use, resulting in a potentially exploitable crash.\n This vulnerability affects Thunderbird < 60.7, Firefox <\n 67, and Firefox ESR < 60.7. (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a\n buffer overflow with specific graphics drivers on Linux.\n This could result in malicious content freezing a tab or\n triggering a potentially exploitable crash. *Note: this\n issue only occurs on Linux. Other operating systems are\n unaffected.*. This vulnerability affects Thunderbird <\n 60.7, Firefox < 67, and Firefox ESR < 60.7.\n (CVE-2019-11693)\n\n - Cross-origin images can be read in violation of the\n same-origin policy by exporting an image after using\n createImageBitmap to read the image and then rendering\n the resulting bitmap image within a canvas element. This\n vulnerability affects Firefox < 66. (CVE-2019-9797)\n\n - Mozilla developers and community members reported memory\n safety bugs present in Firefox 66, Firefox ESR 60.6, and\n Thunderbird 60.6. Some of these bugs showed evidence of\n memory corruption and we presume that with enough effort\n that some of these could be exploited to run arbitrary\n code. This vulnerability affects Thunderbird < 60.7,\n Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9800)\n\n - Images from a different domain can be read using a\n canvas object in some circumstances. This could be used\n to steal image data from a different site in violation\n of same-origin policy. This vulnerability affects\n Thunderbird < 60.7, Firefox < 67, and Firefox ESR <\n 60.7. (CVE-2019-9817)\n\n - A vulnerability where a JavaScript compartment mismatch\n can occur while working with the fetch API, resulting in\n a potentially exploitable crash. This vulnerability\n affects Thunderbird < 60.7, Firefox < 67, and Firefox\n ESR < 60.7. (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome\n event handler when it is freed while still in use. This\n results in a potentially exploitable crash. This\n vulnerability affects Thunderbird < 60.7, Firefox < 67,\n and Firefox ESR < 60.7. (CVE-2019-9820)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0159\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"firefox-60.7.0-1.el7.centos\",\n \"firefox-debuginfo-60.7.0-1.el7.centos\"\n ],\n \"CGSL MAIN 5.04\": [\n \"firefox-60.7.0-1.el7.centos\",\n \"firefox-debuginfo-60.7.0-1.el7.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-23T02:30:41", "description": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-05-24T00:00:00", "type": "nessus", "title": "RHEL 7 : firefox (RHSA-2019:1265)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-1265.NASL", "href": "https://www.tenable.com/plugins/nessus/125382", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1265. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125382);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"RHSA\", value:\"2019:1265\");\n\n script_name(english:\"RHEL 7 : firefox (RHSA-2019:1265)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects\n(CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-18511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11698\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1265\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"firefox-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"firefox-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"firefox-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"firefox-debuginfo-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"firefox-debuginfo-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-19T16:04:29", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities:\n\n - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9816)\n\n - png_image_free in png.c in libpng 1.6.36 has a use- after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317)\n\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-11698)\n\n - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed.\n This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\n This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux.\n This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.\n (CVE-2019-11693)\n\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797)\n\n - Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9800)\n\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9817)\n\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9820)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0167)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-06T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0167_FIREFOX.NASL", "href": "https://www.tenable.com/plugins/nessus/127455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0167. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127455);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\"\n );\n script_bugtraq_id(107009);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0167)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple\nvulnerabilities:\n\n - A possible vulnerability exists where type confusion can\n occur when manipulating JavaScript objects in object\n groups, allowing for the bypassing of security checks\n within these groups. *Note: this vulnerability has only\n been demonstrated with UnboxedObjects, which are\n disabled by default on all supported releases.*. This\n vulnerability affects Thunderbird < 60.7, Firefox < 67,\n and Firefox ESR < 60.7. (CVE-2019-9816)\n\n - png_image_free in png.c in libpng 1.6.36 has a use-\n after-free because png_image_free_function is called\n under png_safe_execute. (CVE-2019-7317)\n\n - If a crafted hyperlink is dragged and dropped to the\n bookmark bar or sidebar and the resulting bookmark is\n subsequently dragged and dropped into the web content\n area, an arbitrary query of a user's browser history can\n be run and transmitted to the content page via drop\n event data. This allows for the theft of browser history\n by a malicious site. This vulnerability affects\n Thunderbird < 60.7, Firefox < 67, and Firefox ESR <\n 60.7. (CVE-2019-11698)\n\n - Lack of correct bounds checking in Skia in Google Chrome\n prior to 73.0.3683.75 allowed a remote attacker to\n perform an out of bounds memory read via a crafted HTML\n page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in\n violation of the same-origin policy using the\n transferFromImageBitmap method. *Note: This only affects\n Firefox 65. Previous versions are unaffected.*. This\n vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - A use-after-free vulnerability can occur when working\n with XMLHttpRequest (XHR) in an event loop, causing the\n XHR main thread to be called after it has been freed.\n This results in a potentially exploitable crash. This\n vulnerability affects Thunderbird < 60.7, Firefox < 67,\n and Firefox ESR < 60.7. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners\n are removed from the event listener manager while still\n in use, resulting in a potentially exploitable crash.\n This vulnerability affects Thunderbird < 60.7, Firefox <\n 67, and Firefox ESR < 60.7. (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a\n buffer overflow with specific graphics drivers on Linux.\n This could result in malicious content freezing a tab or\n triggering a potentially exploitable crash. *Note: this\n issue only occurs on Linux. Other operating systems are\n unaffected.*. This vulnerability affects Thunderbird <\n 60.7, Firefox < 67, and Firefox ESR < 60.7.\n (CVE-2019-11693)\n\n - Cross-origin images can be read in violation of the\n same-origin policy by exporting an image after using\n createImageBitmap to read the image and then rendering\n the resulting bitmap image within a canvas element. This\n vulnerability affects Firefox < 66. (CVE-2019-9797)\n\n - Mozilla developers and community members reported memory\n safety bugs present in Firefox 66, Firefox ESR 60.6, and\n Thunderbird 60.6. Some of these bugs showed evidence of\n memory corruption and we presume that with enough effort\n that some of these could be exploited to run arbitrary\n code. This vulnerability affects Thunderbird < 60.7,\n Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9800)\n\n - Images from a different domain can be read using a\n canvas object in some circumstances. This could be used\n to steal image data from a different site in violation\n of same-origin policy. This vulnerability affects\n Thunderbird < 60.7, Firefox < 67, and Firefox ESR <\n 60.7. (CVE-2019-9817)\n\n - A vulnerability where a JavaScript compartment mismatch\n can occur while working with the fetch API, resulting in\n a potentially exploitable crash. This vulnerability\n affects Thunderbird < 60.7, Firefox < 67, and Firefox\n ESR < 60.7. (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome\n event handler when it is freed while still in use. This\n results in a potentially exploitable crash. This\n vulnerability affects Thunderbird < 60.7, Firefox < 67,\n and Firefox ESR < 60.7. (CVE-2019-9820)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0167\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"firefox-60.7.2-1.el6.centos\",\n \"firefox-debuginfo-60.7.2-1.el6.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:07:00", "description": "From Red Hat Security Advisory 2019:1269 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : firefox (ELSA-2019-1269)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-1269.NASL", "href": "https://www.tenable.com/plugins/nessus/127587", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1269 and \n# Oracle Linux Security Advisory ELSA-2019-1269 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127587);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1269\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Linux 8 : firefox (ELSA-2019-1269)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1269 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects\n(CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-August/008992.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"firefox-60.7.0-1.0.2.el8_0\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:38:23", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:1269 advisory.\n\n - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n - chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\n - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : firefox (CESA-2019:1269)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:firefox"], "id": "CENTOS8_RHSA-2019-1269.NASL", "href": "https://www.tenable.com/plugins/nessus/145688", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:1269. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145688);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\"\n );\n script_bugtraq_id(\n 107009,\n 107363,\n 107486,\n 108098,\n 108418\n );\n script_xref(name:\"RHSA\", value:\"2019:1269\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"CentOS 8 : firefox (CESA-2019:1269)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2019:1269 advisory.\n\n - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n (CVE-2019-11698)\n\n - chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\n - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1269\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'firefox-60.7.0-1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-60.7.0-1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-23T02:29:41", "description": "From Red Hat Security Advisory 2019:1265 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-05-28T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : firefox (ELSA-2019-1265)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-1265.NASL", "href": "https://www.tenable.com/plugins/nessus/125443", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1265 and \n# Oracle Linux Security Advisory ELSA-2019-1265 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125443);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"RHSA\", value:\"2019:1265\");\n\n script_name(english:\"Oracle Linux 7 : firefox (ELSA-2019-1265)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2019:1265 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects\n(CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-May/008760.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-60.7.0-1.0.1.el7_6\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-19T16:00:10", "description": "Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\nMozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\nCross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.\nThis vulnerability affects Firefox < 66. (CVE-2019-9797)\n\nMozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\nMozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\nMozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\nMozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\nLack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798)\n\nMozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\npng_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.\n(CVE-2019-9817)\n\nlibpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nCross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method.\n*Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.\n(CVE-2018-18511)", "cvss3": {}, "published": "2019-06-14T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : thunderbird (ALAS-2019-1229)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:thunderbird", "p-cpe:/a:amazon:linux:thunderbird-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1229.NASL", "href": "https://www.tenable.com/plugins/nessus/125901", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1229.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125901);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"ALAS\", value:\"2019-1229\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux 2 : thunderbird (ALAS-2019-1229)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\nMozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\nCross-origin images can be read in violation of the same-origin policy\nby exporting an image after using createImageBitmap to read the image\nand then rendering the resulting bitmap image within a canvas element.\nThis vulnerability affects Firefox < 66. (CVE-2019-9797)\n\nMozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\nMozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\nMozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\nMozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\nLack of correct bounds checking in Skia in Google Chrome prior to\n73.0.3683.75 allowed a remote attacker to perform an out of bounds\nmemory read via a crafted HTML page. (CVE-2019-5798)\n\nMozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\npng_image_free in png.c in libpng 1.6.36 has a use-after-free because\npng_image_free_function is called under png_safe_execute.\n(CVE-2019-9817)\n\nlibpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nCross-origin images can be read from a canvas element in violation of\nthe same-origin policy using the transferFromImageBitmap method.\n*Note: This only affects Firefox 65. Previous versions are\nunaffected.*. This vulnerability affects Firefox < 65.0.1.\n(CVE-2018-18511)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1229.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update thunderbird' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"thunderbird-60.7.0-1.amzn2.0.1\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-60.7.0-1.amzn2.0.1\", allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T15:59:51", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "CentOS 7 : thunderbird (CESA-2019:1309)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-1309.NASL", "href": "https://www.tenable.com/plugins/nessus/125802", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1309 and \n# CentOS Errata and Security Advisory 2019:1309 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125802);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1309\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"CentOS 7 : thunderbird (CESA-2019:1309)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n # https://lists.centos.org/pipermail/centos-announce/2019-June/023320.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0a91c92\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11691\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-60.7.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:04:53", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities:\n\n - png_image_free in png.c in libpng 1.6.36 has a use- after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (CVE-2019-11698, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820)\n\n - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0088)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-06T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0088_THUNDERBIRD.NASL", "href": "https://www.tenable.com/plugins/nessus/127305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0088. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127305);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\"\n );\n script_bugtraq_id(107009);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0088)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are\naffected by multiple vulnerabilities:\n\n - png_image_free in png.c in libpng 1.6.36 has a use-\n after-free because png_image_free_function is called\n under png_safe_execute. (CVE-2019-7317)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate will\n be provided. (CVE-2019-11698, CVE-2019-11691,\n CVE-2019-11692, CVE-2019-11693, CVE-2019-9800,\n CVE-2019-9817, CVE-2019-9819, CVE-2019-9820)\n\n - Lack of correct bounds checking in Skia in Google Chrome\n prior to 73.0.3683.75 allowed a remote attacker to\n perform an out of bounds memory read via a crafted HTML\n page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in\n violation of the same-origin policy using the\n transferFromImageBitmap method. *Note: This only affects\n Firefox 65. Previous versions are unaffected.*. This\n vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - Cross-origin images can be read in violation of the\n same-origin policy by exporting an image after using\n createImageBitmap to read the image and then rendering\n the resulting bitmap image within a canvas element. This\n vulnerability affects Firefox < 66. (CVE-2019-9797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0088\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL thunderbird packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"thunderbird-60.7.0-1.el7.centos\",\n \"thunderbird-debuginfo-60.7.0-1.el7.centos\"\n ],\n \"CGSL MAIN 5.05\": [\n \"thunderbird-60.7.0-1.el7.centos\",\n \"thunderbird-debuginfo-60.7.0-1.el7.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T15:59:04", "description": "From Red Hat Security Advisory 2019:1309 :\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : thunderbird (ELSA-2019-1309)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-1309.NASL", "href": "https://www.tenable.com/plugins/nessus/125688", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1309 and \n# Oracle Linux Security Advisory ELSA-2019-1309 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125688);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1309\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Linux 7 : thunderbird (ELSA-2019-1309)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1309 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-June/008782.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-60.7.0-1.0.1.el7_6\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-21T15:56:02", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "CentOS 6 : thunderbird (CESA-2019:1310)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2019-1310.NASL", "href": "https://www.tenable.com/plugins/nessus/125803", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1310 and \n# CentOS Errata and Security Advisory 2019:1310 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125803);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1310\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"CentOS 6 : thunderbird (CESA-2019:1310)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n # https://lists.centos.org/pipermail/centos-announce/2019-June/023327.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f0fb68fc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11691\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-60.7.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-23T02:30:42", "description": "Multiple security issues have been found in Thunderbird: Multiple vulnerabilities may lead to the execution of arbitrary code or denial of service.", "cvss3": {}, "published": "2019-05-28T00:00:00", "type": "nessus", "title": "Debian DSA-4451-1 : thunderbird - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2019-07-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:thunderbird", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4451.NASL", "href": "https://www.tenable.com/plugins/nessus/125415", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4451. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125415);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/07/26 16:46:13\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"DSA\", value:\"4451\");\n\n script_name(english:\"Debian DSA-4451-1 : thunderbird - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Thunderbird: Multiple\nvulnerabilities may lead to the execution of arbitrary code or denial\nof service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/thunderbird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/thunderbird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4451\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the thunderbird packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1:60.7.0-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"calendar-google-provider\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-dbg\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-dev\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-all\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ar\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ast\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-be\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-bg\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-bn-bd\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-br\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ca\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-cs\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-da\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-de\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-dsb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-el\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-en-gb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-es-ar\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-es-es\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-et\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-eu\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fi\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fy-nl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ga-ie\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-gd\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-gl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-he\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hsb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hu\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hy-am\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-id\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-is\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-it\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ja\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-kab\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ko\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-lt\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nb-no\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nn-no\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pa-in\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pt-br\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pt-pt\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-rm\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ro\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ru\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-si\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sq\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sv-se\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ta-lk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-tr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-uk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-vi\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-zh-cn\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-zh-tw\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-extension\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ar\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ast\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-be\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-bg\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-bn-bd\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-br\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ca\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-cs\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-cy\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-da\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-de\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-dsb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-el\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-en-gb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-es-ar\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-es-es\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-et\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-eu\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fi\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fy-nl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ga-ie\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-gd\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-gl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-he\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hsb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hu\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hy-am\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-id\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-is\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-it\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ja\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-kab\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ko\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-lt\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nb-no\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nn-no\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pa-in\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pt-br\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pt-pt\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-rm\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ro\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ru\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-si\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sq\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sv-se\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ta-lk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-tr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-uk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-vi\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-zh-cn\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-zh-tw\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ar\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ast\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-be\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-bg\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-bn-bd\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-br\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ca\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-cs\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-cy\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-da\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-de\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-dsb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-el\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-en-gb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-es-ar\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-es-es\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-et\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-eu\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fi\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fy-nl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ga-ie\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-gd\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-gl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-he\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hsb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hu\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hy-am\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-id\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-is\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-it\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ja\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-kab\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ko\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-lt\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nb-no\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nn-no\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pa-in\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pt-br\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pt-pt\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-rm\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ro\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ru\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-si\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sq\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sv-se\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ta-lk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-tr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-uk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-vi\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-zh-cn\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-zh-tw\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-dbg\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-dev\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-all\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ar\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ast\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-be\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-bg\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-bn-bd\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-br\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ca\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-cs\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-da\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-de\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-dsb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-el\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-en-gb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-es-ar\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-es-es\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-et\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-eu\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fi\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fy-nl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ga-ie\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-gd\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-gl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-he\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hsb\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hu\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hy-am\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-id\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-is\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-it\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ja\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-kab\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ko\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-lt\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nb-no\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nn-no\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pa-in\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pt-br\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pt-pt\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-rm\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ro\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ru\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-si\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sl\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sq\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sv-se\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ta-lk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-tr\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-uk\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-vi\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-zh-cn\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-zh-tw\", reference:\"1:60.7.0-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:32:27", "description": "Multiple security issues have been found in Thunderbird: Multiple vulnerabilities may lead to the execution of arbitrary code or denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1:60.7.0-1~deb8u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-28T00:00:00", "type": "nessus", "title": "Debian DLA-1806-1 : thunderbird security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:icedove", "p-cpe:/a:debian:debian_linux:icedove-dbg", "p-cpe:/a:debian:debian_linux:icedove-dev", "p-cpe:/a:debian:debian_linux:icedove-l10n-all", "p-cpe:/a:debian:debian_linux:icedove-l10n-ar", "p-cpe:/a:debian:debian_linux:icedove-l10n-ast", "p-cpe:/a:debian:debian_linux:icedove-l10n-be", "p-cpe:/a:debian:debian_linux:icedove-l10n-bg", "p-cpe:/a:debian:debian_linux:icedove-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:icedove-l10n-br", "p-cpe:/a:debian:debian_linux:icedove-l10n-ca", "p-cpe:/a:debian:debian_linux:icedove-l10n-cs", "p-cpe:/a:debian:debian_linux:icedove-l10n-da", "p-cpe:/a:debian:debian_linux:icedove-l10n-de", "p-cpe:/a:debian:debian_linux:icedove-l10n-dsb", "p-cpe:/a:debian:debian_linux:icedove-l10n-el", "p-cpe:/a:debian:debian_linux:icedove-l10n-en-gb", "p-cpe:/a:debian:debian_linux:icedove-l10n-es-ar", "p-cpe:/a:debian:debian_linux:icedove-l10n-es-es", "p-cpe:/a:debian:debian_linux:icedove-l10n-et", "p-cpe:/a:debian:debian_linux:icedove-l10n-eu", "p-cpe:/a:debian:debian_linux:icedove-l10n-fi", "p-cpe:/a:debian:debian_linux:icedove-l10n-fr", "p-cpe:/a:debian:debian_linux:icedove-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:icedove-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:icedove-l10n-gd", "p-cpe:/a:debian:debian_linux:icedove-l10n-gl", "p-cpe:/a:debian:debian_linux:icedove-l10n-he", "p-cpe:/a:debian:debian_linux:icedove-l10n-hr", "p-cpe:/a:debian:debian_linux:icedove-l10n-hsb", "p-cpe:/a:debian:debian_linux:icedove-l10n-hu", "p-cpe:/a:debian:debian_linux:icedove-l10n-hy-am", "p-cpe:/a:debian:debian_linux:icedove-l10n-id", "p-cpe:/a:debian:debian_linux:icedove-l10n-is", "p-cpe:/a:debian:debian_linux:icedove-l10n-it", "p-cpe:/a:debian:debian_linux:icedove-l10n-ja", "p-cpe:/a:debian:debian_linux:icedove-l10n-kab", "p-cpe:/a:debian:debian_linux:icedove-l10n-ko", "p-cpe:/a:debian:debian_linux:icedove-l10n-lt", "p-cpe:/a:debian:debian_linux:icedove-l10n-nb-no", "p-cpe:/a:debian:debian_linux:icedove-l10n-nl", "p-cpe:/a:debian:debian_linux:icedove-l10n-nn-no", "p-cpe:/a:debian:debian_linux:icedove-l10n-pa-in", "p-cpe:/a:debian:debian_linux:icedove-l10n-pl", "p-cpe:/a:debian:debian_linux:icedove-l10n-pt-br", "p-cpe:/a:debian:debian_linux:icedove-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:icedove-l10n-rm", "p-cpe:/a:debian:debian_linux:icedove-l10n-ro", "p-cpe:/a:debian:debian_linux:icedove-l10n-ru", "p-cpe:/a:debian:debian_linux:icedove-l10n-si", "p-cpe:/a:debian:debian_linux:icedove-l10n-sk", "p-cpe:/a:debian:debian_linux:icedove-l10n-sl", "p-cpe:/a:debian:debian_linux:icedove-l10n-sq", "p-cpe:/a:debian:debian_linux:icedove-l10n-sr", "p-cpe:/a:debian:debian_linux:icedove-l10n-sv-se", "p-cpe:/a:debian:debian_linux:icedove-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:icedove-l10n-tr", "p-cpe:/a:debian:debian_linux:icedove-l10n-uk", "p-cpe:/a:debian:debian_linux:icedove-l10n-vi", "p-cpe:/a:debian:debian_linux:icedove-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:icedove-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceowl-extension", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ar", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ast", "p-cpe:/a:debian:debian_linux:iceowl-l10n-be", "p-cpe:/a:debian:debian_linux:iceowl-l10n-bg", "p-cpe:/a:debian:debian_linux:iceowl-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:iceowl-l10n-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ca", "p-cpe:/a:debian:debian_linux:iceowl-l10n-cs", "p-cpe:/a:debian:debian_linux:iceowl-l10n-cy", "p-cpe:/a:debian:debian_linux:iceowl-l10n-da", "p-cpe:/a:debian:debian_linux:iceowl-l10n-de", "p-cpe:/a:debian:debian_linux:iceowl-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-el", "p-cpe:/a:debian:debian_linux:iceowl-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceowl-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceowl-l10n-et", "p-cpe:/a:debian:debian_linux:iceowl-l10n-eu", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fi", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceowl-l10n-gd", "p-cpe:/a:debian:debian_linux:iceowl-l10n-gl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-he", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hu", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceowl-l10n-id", "p-cpe:/a:debian:debian_linux:iceowl-l10n-is", "p-cpe:/a:debian:debian_linux:iceowl-l10n-it", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ja", "p-cpe:/a:debian:debian_linux:iceowl-l10n-kab", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ko", "p-cpe:/a:debian:debian_linux:iceowl-l10n-lt", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nb-no", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nn-no", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceowl-l10n-rm", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ro", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ru", "p-cpe:/a:debian:debian_linux:iceowl-l10n-si", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sq", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-tr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-uk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-vi", "p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:lightning", "p-cpe:/a:debian:debian_linux:lightning-l10n-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-ast", "p-cpe:/a:debian:debian_linux:lightning-l10n-be", "p-cpe:/a:debian:debian_linux:lightning-l10n-bg", "p-cpe:/a:debian:debian_linux:lightning-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:lightning-l10n-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-ca", "p-cpe:/a:debian:debian_linux:lightning-l10n-cs", "p-cpe:/a:debian:debian_linux:lightning-l10n-cy", "p-cpe:/a:debian:debian_linux:lightning-l10n-da", "p-cpe:/a:debian:debian_linux:lightning-l10n-de", "p-cpe:/a:debian:debian_linux:lightning-l10n-dsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-el", "p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-es", "p-cpe:/a:debian:debian_linux:lightning-l10n-et", "p-cpe:/a:debian:debian_linux:lightning-l10n-eu", "p-cpe:/a:debian:debian_linux:lightning-l10n-fi", "p-cpe:/a:debian:debian_linux:lightning-l10n-fr", "p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:lightning-l10n-gd", "p-cpe:/a:debian:debian_linux:lightning-l10n-gl", "p-cpe:/a:debian:debian_linux:lightning-l10n-he", "p-cpe:/a:debian:debian_linux:lightning-l10n-hr", "p-cpe:/a:debian:debian_linux:lightning-l10n-hsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-hu", "p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am", "p-cpe:/a:debian:debian_linux:lightning-l10n-id", "p-cpe:/a:debian:debian_linux:lightning-l10n-is", "p-cpe:/a:debian:debian_linux:lightning-l10n-it", "p-cpe:/a:debian:debian_linux:lightning-l10n-ja", "p-cpe:/a:debian:debian_linux:lightning-l10n-kab", "p-cpe:/a:debian:debian_linux:lightning-l10n-ko", "p-cpe:/a:debian:debian_linux:lightning-l10n-lt", "p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-pa-in", "p-cpe:/a:debian:debian_linux:lightning-l10n-pl", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:lightning-l10n-rm", "p-cpe:/a:debian:debian_linux:lightning-l10n-ro", "p-cpe:/a:debian:debian_linux:lightning-l10n-ru", "p-cpe:/a:debian:debian_linux:lightning-l10n-si", "p-cpe:/a:debian:debian_linux:lightning-l10n-sk", "p-cpe:/a:debian:debian_linux:lightning-l10n-sl", "p-cpe:/a:debian:debian_linux:lightning-l10n-sq", "p-cpe:/a:debian:debian_linux:lightning-l10n-sr", "p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se", "p-cpe:/a:debian:debian_linux:lightning-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:lightning-l10n-tr", "p-cpe:/a:debian:debian_linux:lightning-l10n-uk", "p-cpe:/a:debian:debian_linux:lightning-l10n-vi", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:thunderbird", "p-cpe:/a:debian:debian_linux:thunderbird-dbg", "p-cpe:/a:debian:debian_linux:thunderbird-dev", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-all", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-be", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-da", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-de", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-el", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-et", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-he", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-id", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-is", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-it", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-si", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1806.NASL", "href": "https://www.tenable.com/plugins/nessus/125412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1806-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125412);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n\n script_name(english:\"Debian DLA-1806-1 : thunderbird security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Thunderbird: Multiple\nvulnerabilities may lead to the execution of arbitrary code or denial\nof service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:60.7.0-1~deb8u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/thunderbird\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-extension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"calendar-google-provider\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dbg\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dev\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-all\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ar\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ast\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-be\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-bg\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-bn-bd\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-br\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ca\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-cs\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-da\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-de\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-dsb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-el\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-en-gb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-es-ar\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-es-es\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-et\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-eu\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-fi\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-fr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-fy-nl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ga-ie\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-gd\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-gl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-he\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hsb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hu\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-hy-am\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-id\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-is\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-it\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ja\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-kab\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ko\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-lt\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-nb-no\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-nl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-nn-no\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pa-in\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pt-br\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-pt-pt\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-rm\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ro\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ru\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-si\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sq\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-sv-se\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-ta-lk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-tr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-uk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-vi\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-zh-cn\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-l10n-zh-tw\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-extension\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ar\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ast\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-be\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-bg\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-bn-bd\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-br\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ca\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-cs\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-cy\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-da\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-de\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-dsb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-el\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-en-gb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-es-ar\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-es-es\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-et\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-eu\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-fi\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-fr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-fy-nl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ga-ie\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-gd\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-gl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-he\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hsb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hu\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-hy-am\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-id\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-is\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-it\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ja\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-kab\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ko\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-lt\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-nb-no\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-nl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-nn-no\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pa-in\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pt-br\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-pt-pt\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-rm\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ro\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ru\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-si\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sq\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-sv-se\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-ta-lk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-tr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-uk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-vi\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-zh-cn\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-l10n-zh-tw\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ar\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ast\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-be\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-bg\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-bn-bd\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-br\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ca\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-cs\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-cy\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-da\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-de\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-dsb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-el\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-en-gb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-es-ar\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-es-es\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-et\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-eu\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-fi\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-fr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-fy-nl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ga-ie\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-gd\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-gl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-he\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hsb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hu\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-hy-am\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-id\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-is\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-it\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ja\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-kab\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ko\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-lt\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-nb-no\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-nl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-nn-no\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pa-in\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pt-br\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-pt-pt\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-rm\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ro\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ru\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-si\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sq\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-sv-se\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-ta-lk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-tr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-uk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-vi\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-zh-cn\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lightning-l10n-zh-tw\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-dbg\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-dev\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-all\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ar\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ast\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-be\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-bg\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-bn-bd\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-br\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ca\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-cs\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-da\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-de\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-dsb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-el\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-en-gb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-es-ar\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-es-es\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-et\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-eu\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-fi\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-fr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-fy-nl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ga-ie\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-gd\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-gl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-he\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hsb\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hu\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-hy-am\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-id\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-is\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-it\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ja\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-kab\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ko\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-lt\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-nb-no\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-nl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-nn-no\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pa-in\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pt-br\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-pt-pt\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-rm\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ro\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ru\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-si\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sl\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sq\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-sv-se\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-ta-lk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-tr\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-uk\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-vi\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-zh-cn\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"thunderbird-l10n-zh-tw\", reference:\"1:60.7.0-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-19T16:06:16", "description": "From Red Hat Security Advisory 2019:1308 :\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : thunderbird (ELSA-2019-1308)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-1308.NASL", "href": "https://www.tenable.com/plugins/nessus/127589", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1308 and \n# Oracle Linux Security Advisory ELSA-2019-1308 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127589);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1308\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Linux 8 : thunderbird (ELSA-2019-1308)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1308 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-August/008993.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"thunderbird-60.7.0-1.0.1.el8_0\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-23T02:32:25", "description": "From Red Hat Security Advisory 2019:1267 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-05-28T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : firefox (ELSA-2019-1267)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2019-1267.NASL", "href": "https://www.tenable.com/plugins/nessus/125444", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1267 and \n# Oracle Linux Security Advisory ELSA-2019-1267 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125444);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"RHSA\", value:\"2019:1267\");\n\n script_name(english:\"Oracle Linux 6 : firefox (ELSA-2019-1267)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2019:1267 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects\n(CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-May/008759.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"firefox-60.7.0-1.0.1.el6_10\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:31:41", "description": "This update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n - chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)", "cvss3": {}, "published": "2019-05-28T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL7.x x86_64 (20190524)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190524_FIREFOX_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/125449", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125449);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL7.x x86_64 (20190524)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and\n Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Cross-origin theft of images with\n createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Type confusion with object groups and\n UnboxedObjects (CVE-2019-9816)\n\n - Mozilla: Stealing of cross-domain images using canvas\n (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API\n (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by\n DocShell (CVE-2019-9820)\n\n - Mozilla: Use-after-free in XMLHttpRequest\n (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event\n listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux\n (CVE-2019-11693)\n\n - mozilla: Cross-origin theft of images with\n ImageBitmapRenderingContext (CVE-2018-18511)\n\n - chromium-browser: Out of bounds read in Skia\n (CVE-2019-5798)\n\n - Mozilla: Theft of user history data through drag and\n drop of hyperlinks to and from bookmarks\n (CVE-2019-11698)\n\n - libpng: use-after-free in png_image_free in png.c\n (CVE-2019-7317)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1905&L=SCIENTIFIC-LINUX-ERRATA&P=5954\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d55e48c7\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:32:25", "description": "An update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-05-30T00:00:00", "type": "nessus", "title": "CentOS 6 : firefox (CESA-2019:1267)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2019-1267.NASL", "href": "https://www.tenable.com/plugins/nessus/125554", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1267 and \n# CentOS Errata and Security Advisory 2019:1267 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125554);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9816\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"RHSA\", value:\"2019:1267\");\n\n script_name(english:\"CentOS 6 : firefox (CESA-2019:1267)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser, designed for standards\ncompliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects\n(CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-May/023318.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1244372e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11691\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-60.7.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-19T16:04:29", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities:\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (CVE-2019-9816, CVE-2019-11698, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820)\n\n - png_image_free in png.c in libpng 1.6.36 has a use- after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317)\n\n - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0087)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0087_FIREFOX.NASL", "href": "https://www.tenable.com/plugins/nessus/127304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0087. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127304);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\"\n );\n script_bugtraq_id(107009);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0087)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected\nby multiple vulnerabilities:\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate will\n be provided. (CVE-2019-9816, CVE-2019-11698,\n CVE-2019-11691, CVE-2019-11692, CVE-2019-11693,\n CVE-2019-9800, CVE-2019-9817, CVE-2019-9819,\n CVE-2019-9820)\n\n - png_image_free in png.c in libpng 1.6.36 has a use-\n after-free because png_image_free_function is called\n under png_safe_execute. (CVE-2019-7317)\n\n - Lack of correct bounds checking in Skia in Google Chrome\n prior to 73.0.3683.75 allowed a remote attacker to\n perform an out of bounds memory read via a crafted HTML\n page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in\n violation of the same-origin policy using the\n transferFromImageBitmap method. *Note: This only affects\n Firefox 65. Previous versions are unaffected.*. This\n vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - Cross-origin images can be read in violation of the\n same-origin policy by exporting an image after using\n createImageBitmap to read the image and then rendering\n the resulting bitmap image within a canvas element. This\n vulnerability affects Firefox < 66. (CVE-2019-9797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0087\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"firefox-60.7.0-1.el7.centos\",\n \"firefox-debuginfo-60.7.0-1.el7.centos\"\n ],\n \"CGSL MAIN 5.05\": [\n \"firefox-60.7.0-1.el7.centos\",\n \"firefox-debuginfo-60.7.0-1.el7.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:06:15", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities:\n\n - png_image_free in png.c in libpng 1.6.36 has a use- after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317)\n\n - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-11698)\n\n - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed.\n This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.\n This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux.\n This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.\n (CVE-2019-11693)\n\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797)\n\n - Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9800)\n\n - Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9817)\n\n - A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9820)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0158)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-06T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0158_THUNDERBIRD.NASL", "href": "https://www.tenable.com/plugins/nessus/127438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0158. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127438);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\"\n );\n script_bugtraq_id(107009);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0158)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are\naffected by multiple vulnerabilities:\n\n - png_image_free in png.c in libpng 1.6.36 has a use-\n after-free because png_image_free_function is called\n under png_safe_execute. (CVE-2019-7317)\n\n - If a crafted hyperlink is dragged and dropped to the\n bookmark bar or sidebar and the resulting bookmark is\n subsequently dragged and dropped into the web content\n area, an arbitrary query of a user's browser history can\n be run and transmitted to the content page via drop\n event data. This allows for the theft of browser history\n by a malicious site. This vulnerability affects\n Thunderbird < 60.7, Firefox < 67, and Firefox ESR <\n 60.7. (CVE-2019-11698)\n\n - Lack of correct bounds checking in Skia in Google Chrome\n prior to 73.0.3683.75 allowed a remote attacker to\n perform an out of bounds memory read via a crafted HTML\n page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in\n violation of the same-origin policy using the\n transferFromImageBitmap method. *Note: This only affects\n Firefox 65. Previous versions are unaffected.*. This\n vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - A use-after-free vulnerability can occur when working\n with XMLHttpRequest (XHR) in an event loop, causing the\n XHR main thread to be called after it has been freed.\n This results in a potentially exploitable crash. This\n vulnerability affects Thunderbird < 60.7, Firefox < 67,\n and Firefox ESR < 60.7. (CVE-2019-11691)\n\n - A use-after-free vulnerability can occur when listeners\n are removed from the event listener manager while still\n in use, resulting in a potentially exploitable crash.\n This vulnerability affects Thunderbird < 60.7, Firefox <\n 67, and Firefox ESR < 60.7. (CVE-2019-11692)\n\n - The bufferdata function in WebGL is vulnerable to a\n buffer overflow with specific graphics drivers on Linux.\n This could result in malicious content freezing a tab or\n triggering a potentially exploitable crash. *Note: this\n issue only occurs on Linux. Other operating systems are\n unaffected.*. This vulnerability affects Thunderbird <\n 60.7, Firefox < 67, and Firefox ESR < 60.7.\n (CVE-2019-11693)\n\n - Cross-origin images can be read in violation of the\n same-origin policy by exporting an image after using\n createImageBitmap to read the image and then rendering\n the resulting bitmap image within a canvas element. This\n vulnerability affects Firefox < 66. (CVE-2019-9797)\n\n - Mozilla developers and community members reported memory\n safety bugs present in Firefox 66, Firefox ESR 60.6, and\n Thunderbird 60.6. Some of these bugs showed evidence of\n memory corruption and we presume that with enough effort\n that some of these could be exploited to run arbitrary\n code. This vulnerability affects Thunderbird < 60.7,\n Firefox < 67, and Firefox ESR < 60.7. (CVE-2019-9800)\n\n - Images from a different domain can be read using a\n canvas object in some circumstances. This could be used\n to steal image data from a different site in violation\n of same-origin policy. This vulnerability affects\n Thunderbird < 60.7, Firefox < 67, and Firefox ESR <\n 60.7. (CVE-2019-9817)\n\n - A vulnerability where a JavaScript compartment mismatch\n can occur while working with the fetch API, resulting in\n a potentially exploitable crash. This vulnerability\n affects Thunderbird < 60.7, Firefox < 67, and Firefox\n ESR < 60.7. (CVE-2019-9819)\n\n - A use-after-free vulnerability can occur in the chrome\n event handler when it is freed while still in use. This\n results in a potentially exploitable crash. This\n vulnerability affects Thunderbird < 60.7, Firefox < 67,\n and Firefox ESR < 60.7. (CVE-2019-9820)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0158\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL thunderbird packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"thunderbird-60.7.0-1.el7.centos\",\n \"thunderbird-debuginfo-60.7.0-1.el7.centos\"\n ],\n \"CGSL MAIN 5.04\": [\n \"thunderbird-60.7.0-1.el7.centos\",\n \"thunderbird-debuginfo-60.7.0-1.el7.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:00:10", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "RHEL 6 : thunderbird (RHSA-2019:1310)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-1310.NASL", "href": "https://www.tenable.com/plugins/nessus/125692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1310. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125692);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1310\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 6 : thunderbird (RHSA-2019:1310)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-18511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-5798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-7317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11698\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1310\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:00:31", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2019:1308)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debugsource", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-1308.NASL", "href": "https://www.tenable.com/plugins/nessus/125690", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1308. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125690);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1308\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2019:1308)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-18511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-5798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-7317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11698\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird, thunderbird-debuginfo and / or\nthunderbird-debugsource packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1308\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"thunderbird-60.7.0-1.el8_0\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-60.7.0-1.el8_0\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"thunderbird-debugsource-60.7.0-1.el8_0\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo / thunderbird-debugsource\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:38:03", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:1308 advisory.\n\n - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n - chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\n - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : thunderbird (CESA-2019:1308)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:thunderbird"], "id": "CENTOS8_RHSA-2019-1308.NASL", "href": "https://www.tenable.com/plugins/nessus/145630", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:1308. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145630);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\"\n );\n script_bugtraq_id(\n 107009,\n 107363,\n 107486,\n 108098,\n 108418\n );\n script_xref(name:\"RHSA\", value:\"2019:1308\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"CentOS 8 : thunderbird (CESA-2019:1308)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2019:1308 advisory.\n\n - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n (CVE-2019-11698)\n\n - chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\n - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1308\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9820\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'thunderbird-60.7.0-1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:00:10", "description": "From Red Hat Security Advisory 2019:1310 :\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : thunderbird (ELSA-2019-1310)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2019-1310.NASL", "href": "https://www.tenable.com/plugins/nessus/125689", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1310 and \n# Oracle Linux Security Advisory ELSA-2019-1310 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125689);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1310\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2019-1310)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:1310 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-June/008783.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"thunderbird-60.7.0-1.0.1.el6_10\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-21T15:56:54", "description": "Security Fix(es) :\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n - chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)", "cvss3": {}, "published": "2019-06-05T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190604)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190604_THUNDERBIRD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/125716", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125716);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190604)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and\n Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Cross-origin theft of images with\n createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Stealing of cross-domain images using canvas\n (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API\n (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by\n DocShell (CVE-2019-9820)\n\n - Mozilla: Use-after-free in XMLHttpRequest\n (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event\n listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux\n (CVE-2019-11693)\n\n - mozilla: Cross-origin theft of images with\n ImageBitmapRenderingContext (CVE-2018-18511)\n\n - chromium-browser: Out of bounds read in Skia\n (CVE-2019-5798)\n\n - Mozilla: Theft of user history data through drag and\n drop of hyperlinks to and from bookmarks\n (CVE-2019-11698)\n\n - libpng: use-after-free in png_image_free in png.c\n (CVE-2019-7317)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1906&L=SCIENTIFIC-LINUX-ERRATA&P=75\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f213c9a1\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:00:31", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "RHEL 7 : thunderbird (RHSA-2019:1309)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-1309.NASL", "href": "https://www.tenable.com/plugins/nessus/125691", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1309. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125691);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1309\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 7 : thunderbird (RHSA-2019:1309)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.7.0.\n\nSecurity Fix(es) :\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Stealing of cross-domain images using canvas\n(CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell\n(CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener\nmanager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux\n(CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with\nImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of\nhyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-18511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-5798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-7317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11698\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1309\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-60.7.0-1.el7_6\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T15:59:04", "description": "Security Fix(es) :\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n - Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n - mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n - chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n - Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n - libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)", "cvss3": {}, "published": "2019-06-05T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190604)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190604_THUNDERBIRD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/125715", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125715);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-18511\", \"CVE-2019-11691\", \"CVE-2019-11692\", \"CVE-2019-11693\", \"CVE-2019-11698\", \"CVE-2019-5798\", \"CVE-2019-7317\", \"CVE-2019-9797\", \"CVE-2019-9800\", \"CVE-2019-9817\", \"CVE-2019-9819\", \"CVE-2019-9820\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190604)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - Mozilla: Memory safety bugs fixed in Firefox 67 and\n Firefox ESR 60.7 (CVE-2019-9800)\n\n - Mozilla: Cross-origin theft of images with\n createImageBitmap (CVE-2019-9797)\n\n - Mozilla: Stealing of cross-domain images using canvas\n (CVE-2019-9817)\n\n - Mozilla: Compartment mismatch with fetch API\n (CVE-2019-9819)\n\n - Mozilla: Use-after-free of ChromeEventHandler by\n DocShell (CVE-2019-9820)\n\n - Mozilla: Use-after-free in XMLHttpRequest\n (CVE-2019-11691)\n\n - Mozilla: Use-after-free removing listeners in the event\n listener manager (CVE-2019-11692)\n\n - Mozilla: Buffer overflow in WebGL bufferdata on Linux\n (CVE-2019-11693)\n\n - mozilla: Cross-origin theft of images with\n ImageBitmapRenderingContext (CVE-2018-18511)\n\n - chromium-browser: Out of bounds read in Skia\n (CVE-2019-5798)\n\n - Mozilla: Theft of user history data through drag and\n drop of hyperlinks to and from bookmarks\n (CVE-2019-11698)\n\n - libpng: use-after-free in png_image_free in png.c\n (CVE-2019-7317)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1906&L=SCIENTIFIC-LINUX-ERRATA&P=396\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14bb5ebd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-60.7.0-1.el6_10\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:40", "description": "The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities:\n\n - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797)\n\n - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.\n (CVE-2019-11708)\n\n - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.\n (CVE-2019-11707)\n\n - png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. (CVE-2019-7317)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11698", "CVE-2019-11707", "CVE-2019-11708", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2023-04-25T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0175_FIREFOX.NASL", "href": "https://www.tenable.com/plugins/nessus/128691", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0175. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128691);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11698\",\n \"CVE-2019-11707\",\n \"CVE-2019-11708\"\n );\n script_bugtraq_id(107009);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0458\");\n\n script_name(english:\"NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple\nvulnerabilities:\n\n - Lack of correct bounds checking in Skia in Google Chrome\n prior to 73.0.3683.75 allowed a remote attacker to\n perform an out of bounds memory read via a crafted HTML\n page. (CVE-2019-5798)\n\n - Cross-origin images can be read from a canvas element in\n violation of the same-origin policy using the\n transferFromImageBitmap method. *Note: This only affects\n Firefox 65. Previous versions are unaffected.*. This\n vulnerability affects Firefox < 65.0.1. (CVE-2018-18511)\n\n - Cross-origin images can be read in violation of the\n same-origin policy by exporting an image after using\n createImageBitmap to read the image and then rendering\n the resulting bitmap image within a canvas element. This\n vulnerability affects Firefox < 66. (CVE-2019-9797)\n\n - Insufficient vetting of parameters passed with the\n Prompt:Open IPC message between child and parent\n processes can result in the non-sandboxed parent process\n opening web content chosen by a compromised child\n process. When combined with additional vulnerabilities\n this could result in executing arbitrary code on the\n user's computer. This vulnerability affects Firefox ESR\n < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.\n (CVE-2019-11708)\n\n - A type confusion vulnerability can occur when\n manipulating JavaScript objects due to issues in\n Array.pop. This can allow for an exploitable crash. We\n are aware of targeted attacks in the wild abusing this\n flaw. This vulnerability affects Firefox ESR < 60.7.1,\n Firefox < 67.0.3, and Thunderbird < 60.7.2.\n (CVE-2019-11707)\n\n - png_image_free in png.c in libpng 1.6.x before 1.6.37\n has a use-after-free because png_image_free_function is\n called under png_safe_execute. (CVE-2019-7317)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0175\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11708\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.06\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.06');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.06\": [\n \"firefox-60.8.0-1.el6.centos\",\n \"firefox-debuginfo-60.8.0-1.el6.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:00:09", "description": "This update for MozillaThunderbird fixes the following issues :\n\nMozilla Thunderbird was updated to 60.7.0\n\n - Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut\n\nSecurity issues fixed (MFSA 2019-15 boo#1135824) :\n\n - CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext\n\n - CVE-2019-11691: Use-after-free in XMLHttpRequest\n\n - CVE-2019-11692: Use-after-free removing listeners in the event listener manager\n\n - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n\n - CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox\n\n - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n\n - CVE-2019-5798: Out-of-bounds read in Skia\n\n - CVE-2019-7317: Use-after-free in png_image_free of libpng library\n\n - CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n\n - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n\n - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS\n\n - CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n\n - CVE-2019-9817: Stealing of cross-domain images using canvas\n\n - CVE-2019-9818: Use-after-free in crash generation server\n\n - CVE-2019-9819: Compartment mismatch with fetch API\n\n - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n\n - Disable LTO (boo#1133267).\n\n - Add patch to fix build using rust-1.33: (boo#1130694)", "cvss3": {}, "published": "2019-06-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1484)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18511", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-11694", "CVE-2019-11698", "CVE-2019-5798", "CVE-2019-7317", "CVE-2019-9797", "CVE-2019-9800", "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo", "p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1484.NASL", "href": "https://www.tenable.com/plugins/nessus/125669", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1484.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125669);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-18511\",\n \"CVE-2019-11691\",\n \"CVE-2019-11692\",\n \"CVE-2019-11693\",\n \"CVE-2019-11694\",\n \"CVE-2019-11698\",\n \"CVE-2019-5798\",\n \"CVE-2019-7317\",\n \"CVE-2019-9797\",\n \"CVE-2019-9800\",\n \"CVE-2019-9815\",\n \"CVE-2019-9816\",\n \"CVE-2019-9817\",\n \"CVE-2019-9818\",\n \"CVE-2019-9819\",\n \"CVE-2019-9820\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1484)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaThunderbird fixes the following issues :\n\nMozilla Thunderbird was updated to 60.7.0\n\n - Attachment pane of Write window no longer focussed when\n attaching files using a keyboard shortcut\n\nSecurity issues fixed (MFSA 2019-15 boo#1135824) :\n\n - CVE-2018-18511: Cross-origin theft of images with\n ImageBitmapRenderingContext\n\n - CVE-2019-11691: Use-after-free in XMLHttpRequest\n\n - CVE-2019-11692: Use-after-free removing listeners in the\n event listener manager\n\n - CVE-2019-11693: Buffer overflow in WebGL bufferdata on\n Linux\n\n - CVE-2019-11694: (Windows only) Uninitialized memory\n memory leakage in Windows sandbox\n\n - CVE-2019-11698: Theft of user history data through drag\n and drop of hyperlinks to and from bookmarks\n\n - CVE-2019-5798: Out-of-bounds read in Skia\n\n - CVE-2019-7317: Use-after-free in png_image_free of\n libpng library\n\n - CVE-2019-9797: Cross-origin theft of images with\n createImageBitmap\n\n - CVE-2019-9800: Memory safety bugs fixed in Firefox 67\n and Firefox ESR 60.7\n\n -
Thunderbird vulnerabilities
