{"enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "vulnersScore": 9.3}, "edition": 2, "href": "http://www.zerodayinitiative.com/advisories/ZDI-14-083", "modified": "2014-11-09T00:00:00", "published": "2014-04-11T00:00:00", "history": [{"differentElements": ["modified"], "edition": 1, "lastseen": "2016-09-04T11:33:44", "bulletin": {"published": "2014-04-11T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-14-083", "modified": "2014-09-04T00:00:00", "edition": 1, "history": [], "bulletinFamily": "info", "viewCount": 1, "objectVersion": "1.2", "hash": "6767fc6e3bd394339a40f80a808611f60701604495e086a636f50a7dc7068dcc", "title": "(Pwn2Own) Mozilla Firefox TypeObject Use-After-Free Remote Code Execution Vulnerability", "references": ["http://www.mozilla.org/security/announce/2014/mfsa2014-30.html "], "cvelist": ["CVE-2014-1512"], "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of TypeObjects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "type": "zdi", "id": "ZDI-14-083", "lastseen": "2016-09-04T11:33:44", "reporter": "VUPEN", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "fc6e45afd36d718d9fb6578ece896067", "key": "reporter"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "42935e01683474613f718d57632acc77", "key": "cvelist"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "c9e20feb85166f2a9f5b1c0382db2800", "key": "description"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "61db6fefa0967c107fcf2c4a59abc464", "key": "title"}, {"hash": "0ba4266b98eb8a4604966cf701ff5ee8", "key": "references"}, {"hash": "30f5f67501daecd2b53981aa723dc255", "key": "href"}, {"hash": "9a10e9ed12ba0880a3e4c132dbded84d", "key": "modified"}], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}}], "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of TypeObjects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "bulletinFamily": "info", "viewCount": 1, "objectVersion": "1.2", "hash": "078360728f9506143fdc9df6ed7a01788f8b6a9f849d7789cadf9fbd7de8dffe", "title": "(Pwn2Own) Mozilla Firefox TypeObject Use-After-Free Remote Code Execution Vulnerability", "references": ["http://www.mozilla.org/security/announce/2014/mfsa2014-30.html "], "cvelist": ["CVE-2014-1512"], "type": "zdi", "id": "ZDI-14-083", "lastseen": "2016-11-09T00:18:10", "reporter": "VUPEN", "hashmap": [{"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "42935e01683474613f718d57632acc77", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "c9e20feb85166f2a9f5b1c0382db2800", "key": "description"}, {"hash": "30f5f67501daecd2b53981aa723dc255", "key": "href"}, {"hash": "0e8f4f13c11de32dac689cf2a0ab4284", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "0ba4266b98eb8a4604966cf701ff5ee8", "key": "references"}, {"hash": "fc6e45afd36d718d9fb6578ece896067", "key": "reporter"}, {"hash": "61db6fefa0967c107fcf2c4a59abc464", "key": "title"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}

{"cve": [{"lastseen": "2017-12-16T11:24:40", "references": ["http://www.mozilla.org/security/announce/2014/mfsa2014-30.html", "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html", "http://www.securityfocus.com/bid/66209", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html", "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html", "http://rhn.redhat.com/errata/RHSA-2014-0310.html", "http://www.debian.org/security/2014/dsa-2881", "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html", "http://www.debian.org/security/2014/dsa-2911", "http://www.ubuntu.com/usn/USN-2151-1", "https://bugzilla.mozilla.org/show_bug.cgi?id=982957", "http://archives.neohapsis.com/archives/bugtraq/2014-03/0145.html", "https://security.gentoo.org/glsa/201504-01", "http://rhn.redhat.com/errata/RHSA-2014-0316.html"], "edition": 3, "description": "Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.", "reporter": "NVD", "published": "2014-03-19T06:55:06", "title": "CVE-2014-1512", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-1512"], "scanner": [], "cpe": ["cpe:/a:mozilla:thunderbird:2.0.0.11", "cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:2.19:beta1", "cpe:/a:mozilla:firefox:2.0.0.9", "cpe:/a:mozilla:thunderbird:1.5.0.10", "cpe:/a:mozilla:thunderbird:3.0.6", "cpe:/a:mozilla:firefox:3.0.2", "cpe:/a:mozilla:seamonkey:2.1:beta2", "cpe:/a:mozilla:firefox:4.0:beta7", "cpe:/a:mozilla:firefox:3.5.6", "cpe:/a:mozilla:firefox:17.0.10", "cpe:/a:mozilla:firefox:1.5.0.3", "cpe:/a:mozilla:thunderbird:3.0.2", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:thunderbird:1.5.0.3", "cpe:/a:mozilla:seamonkey:2.17", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:thunderbird:2.0.0.9", "cpe:/a:mozilla:firefox:1.5.0.2", "cpe:/a:mozilla:firefox:2.0.0.14", "cpe:/a:mozilla:firefox:17.0.6", "cpe:/a:mozilla:firefox:20.0.1", "cpe:/a:mozilla:firefox:3.5.12", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.9:beta3", "cpe:/a:mozilla:seamonkey:2.1:alpha3", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:4.0:beta10", "cpe:/a:mozilla:firefox:3.5.14", "cpe:/a:mozilla:firefox:3.6.20", "cpe:/a:mozilla:firefox:2.0.0.18", "cpe:/a:mozilla:seamonkey:2.20:beta3", "cpe:/a:mozilla:seamonkey:2.4:beta1", "cpe:/a:mozilla:thunderbird:3.1.16", "cpe:/a:mozilla:firefox:2.0.0.8", "cpe:/a:mozilla:firefox:18.0", "cpe:/a:mozilla:seamonkey:2.25:beta2", "cpe:/a:mozilla:thunderbird:0.7", "cpe:/a:mozilla:seamonkey:2.12:beta5", "cpe:/a:mozilla:thunderbird:24.3", "cpe:/a:mozilla:seamonkey:2.14:beta1", "cpe:/a:mozilla:thunderbird:3.1.11", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:firefox:3.5.18", "cpe:/a:mozilla:thunderbird:3.0", "cpe:/a:mozilla:firefox:3.0.12", "cpe:/a:mozilla:firefox:17.0.11", "cpe:/a:mozilla:firefox:16.0.2", "cpe:/a:mozilla:seamonkey:2.11:beta1", "cpe:/a:mozilla:seamonkey:2.18:beta2", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:2.13:beta4", "cpe:/a:mozilla:firefox:0.4", "cpe:/a:mozilla:firefox:1.5.1", "cpe:/a:mozilla:firefox:1.5.4", "cpe:/a:mozilla:seamonkey:2.1:alpha1", "cpe:/a:mozilla:thunderbird:1.5:beta2", "cpe:/a:mozilla:thunderbird:17.0.8", "cpe:/a:mozilla:seamonkey:2.17:beta4", "cpe:/a:mozilla:firefox:2.0.0.13", "cpe:/a:mozilla:seamonkey:2.12:beta1", "cpe:/a:mozilla:firefox:3.5.19", "cpe:/a:mozilla:seamonkey:2.14:beta5", "cpe:/a:mozilla:seamonkey:2.0:beta_2", "cpe:/a:mozilla:seamonkey:2.15:beta3", "cpe:/a:mozilla:thunderbird:2.0.0.21", "cpe:/a:mozilla:thunderbird:24.1", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:firefox:10.0.4", "cpe:/a:mozilla:seamonkey:2.15.2", "cpe:/a:mozilla:firefox:0.5", "cpe:/a:mozilla:seamonkey:2.1:beta3", "cpe:/a:mozilla:seamonkey:2.0:beta_1", "cpe:/a:mozilla:seamonkey:2.25:beta1", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:seamonkey:2.11:beta3", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:firefox:3.5.3", "cpe:/a:mozilla:firefox:2.0.0.3", "cpe:/a:mozilla:thunderbird:1.0.8", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:seamonkey:2.7:beta2", "cpe:/a:mozilla:seamonkey:2.13.2", "cpe:/a:mozilla:seamonkey:2.22:beta2", "cpe:/a:mozilla:thunderbird:3.1.6", "cpe:/a:mozilla:firefox:2.0.0.2", "cpe:/a:mozilla:firefox:1.5.0.1", "cpe:/a:mozilla:firefox:3.6.12", "cpe:/a:mozilla:firefox:3.6.7", "cpe:/a:mozilla:firefox:3.6.2", "cpe:/a:mozilla:firefox:4.0:beta6", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox_esr:24.2", "cpe:/a:mozilla:seamonkey:2.7:beta4", "cpe:/a:mozilla:firefox:2.0.0.12", "cpe:/a:mozilla:seamonkey:2.23:beta2", "cpe:/a:mozilla:firefox:3.5.13", "cpe:/a:mozilla:thunderbird:3.0.7", "cpe:/a:mozilla:seamonkey:2.15:beta5", "cpe:/a:mozilla:firefox:3.0.4", "cpe:/a:mozilla:firefox:3.6.17", "cpe:/a:mozilla:seamonkey:2.13.1", "cpe:/a:mozilla:firefox:0.8", "cpe:/a:mozilla:firefox:25.0", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:firefox:3.0.14", "cpe:/a:mozilla:firefox:14.0.1", "cpe:/a:mozilla:seamonkey:2.3:beta2", "cpe:/a:mozilla:seamonkey:2.5:beta4", "cpe:/a:mozilla:firefox:3.6.4", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:1.5.7", "cpe:/a:mozilla:thunderbird:1.0.4", "cpe:/a:mozilla:firefox:17.0.7", "cpe:/a:mozilla:seamonkey:2.7:beta5", "cpe:/a:mozilla:firefox:3.6.19", "cpe:/a:mozilla:thunderbird:2.0.0.22", "cpe:/a:mozilla:seamonkey:2.13:beta1", "cpe:/a:mozilla:seamonkey:2.11:beta2", "cpe:/a:mozilla:firefox:1.0.5", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:thunderbird:2.0.0.12", "cpe:/a:mozilla:firefox:10.0.7", "cpe:/a:mozilla:thunderbird:1.5.0.2", "cpe:/a:mozilla:seamonkey:2.12:beta3", "cpe:/a:mozilla:seamonkey:2.15:beta2", "cpe:/a:mozilla:thunderbird:1.7.1", "cpe:/a:mozilla:firefox:2.0.0.17", "cpe:/a:mozilla:thunderbird:1.5.0.9", "cpe:/a:mozilla:firefox:24.1.1", "cpe:/a:mozilla:seamonkey:2.1:rc2", "cpe:/a:mozilla:firefox:0.10.1", "cpe:/a:mozilla:firefox:14.0", "cpe:/a:mozilla:firefox_esr:24.1.0", "cpe:/a:mozilla:seamonkey:2.23", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox:17.0.5", "cpe:/a:mozilla:firefox:2.0", "cpe:/a:mozilla:firefox:4.0:beta12", "cpe:/a:mozilla:thunderbird:1.5.0.4", "cpe:/a:mozilla:firefox:1.0:preview_release", "cpe:/a:mozilla:seamonkey:2.9:beta2", "cpe:/a:mozilla:thunderbird:3.0.10", "cpe:/a:mozilla:firefox:1.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox:2.0.0.20", "cpe:/a:mozilla:thunderbird:3.1", "cpe:/a:mozilla:firefox:1.5:beta1", "cpe:/a:mozilla:seamonkey:2.6:beta3", "cpe:/a:mozilla:firefox:4.0:beta4", "cpe:/a:mozilla:thunderbird:15.0.1", "cpe:/a:mozilla:firefox:1.0.3", "cpe:/a:mozilla:seamonkey:2.12", "cpe:/a:mozilla:firefox:2.0.0.10", "cpe:/a:mozilla:thunderbird:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.2:beta1", "cpe:/a:mozilla:firefox:4.0:beta8", "cpe:/a:mozilla:seamonkey:2.18:beta1", "cpe:/a:mozilla:seamonkey:2.20:beta1", "cpe:/a:mozilla:seamonkey:2.8:beta2", "cpe:/a:mozilla:seamonkey:2.0:rc1", "cpe:/a:mozilla:thunderbird:1.0", "cpe:/a:mozilla:seamonkey:2.13:beta2", "cpe:/a:mozilla:firefox:1.5.0.5", "cpe:/a:mozilla:firefox:1.5.0.12", "cpe:/a:mozilla:seamonkey:2.16:beta1", "cpe:/a:mozilla:thunderbird:1.0.1", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:firefox:27.0", "cpe:/a:mozilla:firefox:3.5.5", "cpe:/a:mozilla:firefox:10.0.5", "cpe:/a:mozilla:firefox:17.0.2", "cpe:/a:mozilla:firefox:3.0.5", "cpe:/a:mozilla:thunderbird:1.5.2", "cpe:/a:mozilla:firefox:3.6", "cpe:/a:mozilla:seamonkey:2.17:beta1", "cpe:/a:mozilla:thunderbird:3.1.3", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:1.5.0.1", "cpe:/a:mozilla:seamonkey:2.16", "cpe:/a:mozilla:firefox:0.9.2", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:firefox:1.5.6", "cpe:/a:mozilla:firefox:3.6.26", "cpe:/a:mozilla:firefox:23.0", "cpe:/a:mozilla:firefox:3.0.18", "cpe:/a:mozilla:seamonkey:2.3:beta3", "cpe:/a:mozilla:seamonkey:2.15", "cpe:/a:mozilla:seamonkey:2.11:beta6", "cpe:/a:mozilla:seamonkey:2.2:beta2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:firefox:1.5:beta2", "cpe:/a:mozilla:seamonkey:2.9:beta1", "cpe:/a:mozilla:seamonkey:2.1:alpha2", "cpe:/a:mozilla:firefox:1.0.4", "cpe:/a:mozilla:thunderbird:3.0.3", "cpe:/a:mozilla:thunderbird:0.4", "cpe:/a:mozilla:firefox:2.0.0.7", "cpe:/a:mozilla:firefox:3.5.1", "cpe:/a:mozilla:thunderbird:24.1.1", "cpe:/a:mozilla:seamonkey:2.5:beta1", "cpe:/a:mozilla:seamonkey:2.0:rc2", "cpe:/a:mozilla:firefox:3.5.7", "cpe:/a:mozilla:thunderbird:2.0.0.23", "cpe:/a:mozilla:firefox:1.0.7", "cpe:/a:mozilla:firefox:1.0.6", "cpe:/a:mozilla:thunderbird:17.0.7", "cpe:/a:mozilla:thunderbird:0.7.2", "cpe:/a:mozilla:firefox:20.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:firefox:3.0.9", "cpe:/a:mozilla:firefox:3.6.8", "cpe:/a:mozilla:firefox:1.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:2.11:beta5", "cpe:/a:mozilla:firefox:17.0.9", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.19", "cpe:/a:mozilla:thunderbird:3.0.8", "cpe:/a:mozilla:firefox:3.0.19", "cpe:/a:mozilla:thunderbird:24.2", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.16:beta3", "cpe:/a:mozilla:thunderbird:0.6", "cpe:/a:mozilla:seamonkey:2.24:beta1", "cpe:/a:mozilla:thunderbird:3.1.14", "cpe:/a:mozilla:firefox:2.0.0.15", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:seamonkey:2.21:beta1", "cpe:/a:mozilla:firefox:3.6.3", "cpe:/a:mozilla:firefox:3.6.23", "cpe:/a:mozilla:thunderbird:2.0.0.7", "cpe:/a:mozilla:seamonkey:2.11:beta4", "cpe:/a:mozilla:thunderbird:3.1.1", "cpe:/a:mozilla:firefox:3.6.9", "cpe:/a:mozilla:thunderbird:17.0", "cpe:/a:mozilla:firefox:3.6.24", "cpe:/a:mozilla:firefox:3.5", "cpe:/a:mozilla:firefox:1.5.0.10", "cpe:/a:mozilla:seamonkey:2.14:beta4", "cpe:/a:mozilla:seamonkey:2.0:alpha_3", "cpe:/a:mozilla:firefox:3.5.16", "cpe:/a:mozilla:seamonkey:2.12.1", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:3.1.2", "cpe:/a:mozilla:thunderbird:2.0.0.2", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:thunderbird:1.5.0.13", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:2.2:beta3", "cpe:/a:mozilla:firefox:15.0", "cpe:/a:mozilla:thunderbird:0.8", "cpe:/a:mozilla:firefox:19.0.1", "cpe:/a:mozilla:seamonkey:2.16:beta5", "cpe:/a:mozilla:firefox:1.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.5", "cpe:/a:mozilla:thunderbird:11.0.1", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox_esr:24.3", "cpe:/a:mozilla:firefox:17.0.8", "cpe:/a:mozilla:firefox:3.0.16", "cpe:/a:mozilla:seamonkey:2.15:beta1", "cpe:/a:mozilla:firefox:1.5.8", "cpe:/a:mozilla:firefox:4.0:beta5", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:2.0.0.13", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:thunderbird:16.0.2", "cpe:/a:mozilla:firefox:3.0.13", "cpe:/a:mozilla:thunderbird:2.0.0.20", "cpe:/a:mozilla:firefox:0.10", "cpe:/a:mozilla:seamonkey:2.5:beta2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:firefox:0.9.1", "cpe:/a:mozilla:firefox:10.0.3", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:thunderbird:17.0.2", "cpe:/a:mozilla:firefox:0.6", "cpe:/a:mozilla:firefox:13.0", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:2.1:beta1", "cpe:/a:mozilla:thunderbird:0.7.1", "cpe:/a:mozilla:firefox:3.6.22", "cpe:/a:mozilla:firefox:4.0:beta2", "cpe:/a:mozilla:firefox:1.5.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:24.0.1", "cpe:/a:mozilla:seamonkey:2.10.1", "cpe:/a:mozilla:firefox:17.0.3", "cpe:/a:mozilla:thunderbird:1.0.5:beta", "cpe:/a:mozilla:firefox:3.0.11", "cpe:/a:mozilla:seamonkey:2.4:beta2", "cpe:/a:mozilla:firefox:1.5.0.4", "cpe:/a:mozilla:thunderbird:24.0", "cpe:/a:mozilla:thunderbird:17.0.5", "cpe:/a:mozilla:firefox:3.6.28", "cpe:/a:mozilla:thunderbird:1.5.0.12", "cpe:/a:mozilla:firefox:2.0.0.1", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:firefox:1.5.0.9", "cpe:/a:mozilla:thunderbird:2.0.0.3", "cpe:/a:mozilla:firefox:1.5.2", "cpe:/a:mozilla:seamonkey:2.12:beta2", "cpe:/a:mozilla:seamonkey:2.13", "cpe:/a:mozilla:seamonkey:2.0:alpha_1", "cpe:/a:mozilla:thunderbird:17.0.4", "cpe:/a:mozilla:firefox:12.0", "cpe:/a:mozilla:firefox:3.6.16", "cpe:/a:mozilla:seamonkey:2.10", "cpe:/a:mozilla:thunderbird:3.0.4", "cpe:/a:mozilla:seamonkey:2.22.1", "cpe:/a:mozilla:seamonkey:2.23:beta1", "cpe:/a:mozilla:thunderbird:3.1.12", "cpe:/a:mozilla:seamonkey:2.8:beta3", "cpe:/a:mozilla:firefox:3.6.25", "cpe:/a:mozilla:thunderbird:0.7.3", "cpe:/a:mozilla:firefox:1.5.0.11", "cpe:/a:mozilla:thunderbird:1.0.5", "cpe:/a:mozilla:firefox:4.0:beta11", "cpe:/a:mozilla:seamonkey:2.13:beta6", "cpe:/a:mozilla:thunderbird:3.1.17", "cpe:/a:mozilla:thunderbird:17.0.1", "cpe:/a:mozilla:thunderbird:1.0.6", "cpe:/a:mozilla:firefox:19.0.2", "cpe:/a:mozilla:thunderbird:1.5.0.8", "cpe:/a:mozilla:seamonkey:2.15.1", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:firefox:3.0.3", "cpe:/a:mozilla:seamonkey:2.22", "cpe:/a:mozilla:seamonkey:2.8:beta6", "cpe:/a:mozilla:firefox:1.5.0.6", "cpe:/a:mozilla:seamonkey:2.17:beta2", "cpe:/a:mozilla:thunderbird:2.0", "cpe:/a:mozilla:firefox:10.0.10", "cpe:/a:mozilla:firefox:4.0:beta3", "cpe:/a:mozilla:firefox:2.0.0.6", "cpe:/a:mozilla:thunderbird:2.0.0.1", "cpe:/a:mozilla:firefox:10.0.9", "cpe:/a:mozilla:firefox:2.0.0.5", "cpe:/a:mozilla:firefox:1.5", "cpe:/a:mozilla:firefox:15.0.1", "cpe:/a:mozilla:firefox:3.0.6", "cpe:/a:mozilla:seamonkey:2.16:beta4", "cpe:/a:mozilla:firefox:1.5.0.7", "cpe:/a:mozilla:thunderbird:13.0", "cpe:/a:mozilla:thunderbird:1.5.0.14", "cpe:/a:mozilla:thunderbird:17.0.6", "cpe:/a:mozilla:seamonkey:2.10:beta2", "cpe:/a:mozilla:seamonkey:2.16.2", "cpe:/a:mozilla:seamonkey:2.3:beta1", "cpe:/a:mozilla:thunderbird:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:firefox:3.5.17", "cpe:/a:mozilla:firefox:3.6.21", "cpe:/a:mozilla:thunderbird:3.1.5", "cpe:/a:mozilla:firefox:18.0.1", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:thunderbird:16.0", "cpe:/a:mozilla:seamonkey:2.8:beta5", "cpe:/a:mozilla:firefox:3.5.8", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:2.19", "cpe:/a:mozilla:firefox:0.9:rc", "cpe:/a:mozilla:thunderbird:3.1.13", "cpe:/a:mozilla:firefox:18.0.2", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:thunderbird:2.0.0.0", "cpe:/a:mozilla:seamonkey:2.9:beta4", "cpe:/a:mozilla:thunderbird:3.0.5", "cpe:/a:mozilla:seamonkey:2.15:beta6", "cpe:/a:mozilla:firefox:3.0.15", "cpe:/a:mozilla:firefox_esr:24.0", "cpe:/a:mozilla:firefox:24.0", "cpe:/a:mozilla:firefox:3.0.7", "cpe:/a:mozilla:thunderbird:12.0", "cpe:/a:mozilla:firefox:0.1", "cpe:/a:mozilla:thunderbird:3.1.8", "cpe:/a:mozilla:firefox:27.0.1", "cpe:/a:mozilla:seamonkey:2.14", "cpe:/a:mozilla:firefox:25.0.1", "cpe:/a:mozilla:seamonkey:2.0:alpha_2", "cpe:/a:mozilla:firefox:16.0.1", "cpe:/a:mozilla:firefox:3.0", "cpe:/a:mozilla:firefox:3.6.15", "cpe:/a:mozilla:thunderbird:3.1.4", "cpe:/a:mozilla:seamonkey:2.8:beta4", "cpe:/a:mozilla:firefox:1.5.3", "cpe:/a:mozilla:seamonkey:2.13:beta3", "cpe:/a:mozilla:firefox:10.0.6", "cpe:/a:mozilla:firefox:3.5.11", "cpe:/a:mozilla:seamonkey:2.14:beta2", "cpe:/a:mozilla:seamonkey:2.17.1", "cpe:/a:mozilla:firefox:24.1", "cpe:/a:mozilla:thunderbird:16.0.1", "cpe:/a:mozilla:thunderbird:2.0.0.17", "cpe:/a:mozilla:seamonkey:2.24", "cpe:/a:mozilla:seamonkey:2.8:beta1", "cpe:/a:mozilla:thunderbird:1.0.2", "cpe:/a:mozilla:seamonkey:2.9.1", "cpe:/a:mozilla:seamonkey:2.5:beta3", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.12:beta6", "cpe:/a:mozilla:firefox:16.0", "cpe:/a:mozilla:firefox:17.0.4", "cpe:/a:mozilla:thunderbird:3.1.10", "cpe:/a:mozilla:firefox:3.0.10", "cpe:/a:mozilla:thunderbird:0.5", "cpe:/a:mozilla:seamonkey:2.15:beta4", "cpe:/a:mozilla:firefox:3.6.11", "cpe:/a:mozilla:thunderbird:14.0", "cpe:/a:mozilla:firefox:3.0.8", "cpe:/a:mozilla:seamonkey:2.13:beta5", "cpe:/a:mozilla:firefox:4.0:beta9", "cpe:/a:mozilla:seamonkey:2.20", "cpe:/a:mozilla:firefox:1.0.8", "cpe:/a:mozilla:thunderbird:3.0.9", "cpe:/a:mozilla:seamonkey:2.22:beta1", "cpe:/a:mozilla:firefox:1.5.0.8", "cpe:/a:mozilla:firefox:3.0.1", "cpe:/a:mozilla:firefox:0.9", "cpe:/a:mozilla:firefox:23.0.1", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:firefox:3.5.15", "cpe:/a:mozilla:firefox:3.6.13", "cpe:/a:mozilla:firefox:3.5.4", "cpe:/a:mozilla:thunderbird:3.0.1", "cpe:/a:mozilla:firefox:3.6.27", "cpe:/a:mozilla:thunderbird:1.5.1", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:firefox:3.5.9", "cpe:/a:mozilla:firefox:3.6.10", "cpe:/a:mozilla:firefox:10.0.12", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.14:beta3", "cpe:/a:mozilla:thunderbird:3.1.15", "cpe:/a:mozilla:seamonkey:2.18:beta3", "cpe:/a:mozilla:thunderbird:1.0.7", "cpe:/a:mozilla:thunderbird:3.0.11", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:firefox:3.5.2", "cpe:/a:mozilla:thunderbird:3.1.9", "cpe:/a:mozilla:firefox:2.0.0.16", "cpe:/a:mozilla:thunderbird:15.0", "cpe:/a:mozilla:seamonkey:2.6:beta2", "cpe:/a:mozilla:thunderbird:0.2", "cpe:/a:mozilla:thunderbird:1.5.0.5", "cpe:/a:mozilla:firefox:10.0.11", "cpe:/a:mozilla:seamonkey:2.12:beta4", "cpe:/a:mozilla:firefox:3.5.10", "cpe:/a:mozilla:firefox:0.2", "cpe:/a:mozilla:thunderbird:12.0.1", "cpe:/a:mozilla:seamonkey:2.4:beta3", "cpe:/a:mozilla:firefox:26.0", "cpe:/a:mozilla:firefox:0.7", "cpe:/a:mozilla:seamonkey:2.7:beta1", "cpe:/a:mozilla:firefox:3.6.6", "cpe:/a:mozilla:thunderbird:17.0.3", "cpe:/a:mozilla:thunderbird:2.0.0.16", "cpe:/a:mozilla:firefox:13.0.1", "cpe:/a:mozilla:firefox:2.0.0.19", "cpe:/a:mozilla:firefox:3.0.17", "cpe:/a:mozilla:thunderbird:3.1.7", "cpe:/a:mozilla:firefox:0.7.1", "cpe:/a:mozilla:firefox_esr:24.0.2", "cpe:/a:mozilla:seamonkey:2.17:beta3", "cpe:/a:mozilla:seamonkey:2.1:rc1", "cpe:/a:mozilla:seamonkey:2.6:beta1", "cpe:/a:mozilla:seamonkey:2.10:beta3", "cpe:/a:mozilla:thunderbird:1.5.0.11", "cpe:/a:mozilla:seamonkey:2.21:beta2", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:thunderbird:0.1", "cpe:/a:mozilla:seamonkey:2.18:beta4", "cpe:/a:mozilla:firefox:2.0.0.11", "cpe:/a:mozilla:seamonkey:2.20:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.14", "cpe:/a:mozilla:firefox:2.0.0.4", "cpe:/a:mozilla:thunderbird:1.5.0.7", "cpe:/a:mozilla:seamonkey:2.11", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:2.6:beta4", "cpe:/a:mozilla:seamonkey:2.16.1", "cpe:/a:mozilla:firefox:10.0.8", "cpe:/a:mozilla:firefox:19.0", "cpe:/a:mozilla:firefox:0.6.1", "cpe:/a:mozilla:seamonkey:2.21", "cpe:/a:mozilla:thunderbird:0.9", "cpe:/a:mozilla:firefox:0.9.3", "cpe:/a:mozilla:firefox:12.0:beta6", "cpe:/a:mozilla:thunderbird:2.0.0.15", "cpe:/a:mozilla:thunderbird:2.0.0.8", "cpe:/a:mozilla:firefox_esr:24.0.1", "cpe:/a:mozilla:thunderbird:1.7.3", "cpe:/a:mozilla:seamonkey:2.10:beta1", "cpe:/a:mozilla:firefox:3.6.14", "cpe:/a:mozilla:thunderbird:1.0.3", "cpe:/a:mozilla:firefox_esr:24.1.1", "cpe:/a:mozilla:seamonkey:2.7:beta3", "cpe:/a:mozilla:seamonkey:2.19:beta2", "cpe:/a:mozilla:firefox:0.3", "cpe:/a:mozilla:seamonkey:2.16:beta2", "cpe:/a:mozilla:thunderbird:2.0.0.18", "cpe:/a:mozilla:thunderbird:0.3", "cpe:/a:mozilla:thunderbird:2.0.0.6", "cpe:/a:mozilla:firefox:3.6.18", "cpe:/a:mozilla:firefox:4.0:beta1", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:firefox:21.0", "cpe:/a:mozilla:thunderbird:13.0.1"], "modified": "2017-12-15T21:29:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1512", "id": "CVE-2014-1512", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:51", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=982957"], "description": "Security research firm VUPEN, via TippingPoint's Pwn2Own\ncontest, reported that memory pressure during Garbage Collection could lead to\nmemory corruption of TypeObjects in the JS engine, resulting in an exploitable\nuse-after-free condition.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.", "edition": 1, "reporter": "Mozilla Foundation", "published": "2014-03-18T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "mozilla", "title": "Use-after-free in TypeObject", "bulletinFamily": "software", "affectedSoftware": [{"name": "Firefox", "version": "28", "operator": "lt"}, {"name": "Firefox ESR", "version": "24.4", "operator": "lt"}, {"name": "Thunderbird", "version": "24.4", "operator": "lt"}, {"name": "SeaMonkey", "version": "2.25", "operator": "lt"}], "cvelist": ["CVE-2014-1512"], "modified": "2014-03-18T00:00:00", "id": "MFSA2014-30", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-30/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:44", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "24.4.0-1~deb7u1", "arch": "all", "packageFilename": "icedove_24.4.0-1~deb7u1_all.deb", "packageName": "icedove", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2911-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 22, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 \n CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513\n CVE-2014-1514\n\nMultiple security issues have been found in Icedove, Debian&#x27;s version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety \nerrors, out of bound reads, use-after-frees and other implementation \nerrors may lead to the execution of arbitrary code, information \ndisclosure or denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 24.4.0-1~deb7u1. This updates Icedove to the Extended Support\nRelease (ESR) branch 24. An updated and compatible version of Enigmail \nis included with this update.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 24.4.0esr-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 24.4.0esr-1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2014-04-22T15:24:51", "title": "[SECURITY] [DSA 2911-1] icedove security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:44", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2014-04-22T15:24:51", "id": "DEBIAN:DSA-2911-1:B4677", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00089.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:50:17", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "24.4.0esr-1~deb7u2", "arch": "all", "packageFilename": "iceweasel_24.4.0esr-1~deb7u2_all.deb", "packageName": "iceweasel", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2881-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 19, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 \n CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 \n CVE-2014-1514\n\nMultiple security issues have been found in Iceweasel, Debian&#x27;s version\nof the Mozilla Firefox web browser: Multiple memory safety errors, out of\nbound reads, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code, information disclosure, denial of\nservice.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 24.4.0esr-1~deb7u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 24.4.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2014-03-19T14:44:12", "title": "[SECURITY] [DSA 2881-1] iceweasel security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:50:17", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2014-03-19T14:44:12", "id": "DEBIAN:DSA-2881-1:FCFA6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00052.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:53:59", "references": ["http://www.debian.org/security/2014/dsa-2881.html"], "pluginID": "1361412562310702881", "description": "Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors, out of\nbound reads, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code, information disclosure, denial of\nservice.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-03-19T00:00:00", "title": "Debian Security Advisory DSA 2881-1 (iceweasel - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310702881", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702881", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2881.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 2881-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"iceweasel on Debian Linux\";\ntag_insight = \"Iceweasel is Firefox, rebranded. It is a powerful, extensible web browser\nwith support for modern web application technologies.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 24.4.0esr-1~deb7u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 24.4.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\";\ntag_summary = \"Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors, out of\nbound reads, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code, information disclosure, denial of\nservice.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702881\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_name(\"Debian Security Advisory DSA 2881-1 (iceweasel - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-03-19 00:00:00 +0100 (Wed, 19 Mar 2014)\");\n script_tag(name: \"cvss_base\", value:\"9.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2881.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:53", "references": ["http://www.debian.org/security/2014/dsa-2911.html"], "pluginID": "1361412562310702911", "description": "Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, out of bound reads, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, information\ndisclosure or denial of service.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-04-22T00:00:00", "title": "Debian Security Advisory DSA 2911-1 (icedove - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310702911", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702911", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2911.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 2911-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"icedove on Debian Linux\";\ntag_insight = \"Icedove is an unbranded Thunderbird mail client suitable for free\ndistribution. It supports different mail accounts (POP, IMAP, Gmail), has an\nintegrated learning Spam filter, and offers easy organization of mails with\ntagging and virtual folders. Also, more features can be added by installing\nextensions.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 24.4.0-1~deb7u1. This updates Icedove to the Extended Support\nRelease (ESR) branch 24. An updated and compatible version of Enigmail\nis included with this update.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 24.4.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 24.4.0-1.\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, out of bound reads, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, information\ndisclosure or denial of service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702911\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_name(\"Debian Security Advisory DSA 2911-1 (icedove - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-04-22 00:00:00 +0200 (Tue, 22 Apr 2014)\");\n script_tag(name: \"cvss_base\", value:\"9.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2911.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-03T10:48:41", "references": ["http://www.debian.org/security/2014/dsa-2911.html"], "pluginID": "702911", "description": "Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, out of bound reads, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, information\ndisclosure or denial of service.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-04-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 2911-1 (icedove - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2017-07-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702911", "id": "OPENVAS:702911", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2911.nasl 6759 2017-07-19 09:56:33Z teissa $\n# Auto-generated from advisory DSA 2911-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"icedove on Debian Linux\";\ntag_insight = \"Icedove is an unbranded Thunderbird mail client suitable for free\ndistribution. It supports different mail accounts (POP, IMAP, Gmail), has an\nintegrated learning Spam filter, and offers easy organization of mails with\ntagging and virtual folders. Also, more features can be added by installing\nextensions.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 24.4.0-1~deb7u1. This updates Icedove to the Extended Support\nRelease (ESR) branch 24. An updated and compatible version of Enigmail\nis included with this update.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 24.4.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 24.4.0-1.\n\nWe recommend that you upgrade your icedove packages.\";\ntag_summary = \"Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, out of bound reads, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, information\ndisclosure or denial of service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702911);\n script_version(\"$Revision: 6759 $\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_name(\"Debian Security Advisory DSA 2911-1 (icedove - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-19 11:56:33 +0200 (Wed, 19 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-04-22 00:00:00 +0200 (Tue, 22 Apr 2014)\");\n script_tag(name: \"cvss_base\", value:\"9.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2911.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"calendar-timezones\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"24.4.0-1~deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-02T10:48:54", "references": ["http://www.debian.org/security/2014/dsa-2881.html"], "pluginID": "702881", "description": "Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors, out of\nbound reads, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code, information disclosure, denial of\nservice.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-03-19T00:00:00", "title": "Debian Security Advisory DSA 2881-1 (iceweasel - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2017-07-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702881", "id": "OPENVAS:702881", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2881.nasl 6750 2017-07-18 09:56:47Z teissa $\n# Auto-generated from advisory DSA 2881-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"iceweasel on Debian Linux\";\ntag_insight = \"Iceweasel is Firefox, rebranded. It is a powerful, extensible web browser\nwith support for modern web application technologies.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 24.4.0esr-1~deb7u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 24.4.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.\";\ntag_summary = \"Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors, out of\nbound reads, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code, information disclosure, denial of\nservice.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702881);\n script_version(\"$Revision: 6750 $\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_name(\"Debian Security Advisory DSA 2881-1 (iceweasel - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-03-19 00:00:00 +0100 (Wed, 19 Mar 2014)\");\n script_tag(name: \"cvss_base\", value:\"9.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2881.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs24d-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-24.0-dbg\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"24.4.0esr-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:54:53", "references": ["http://lists.centos.org/pipermail/centos-announce/2014-March/020213.html", "2014:0310"], "pluginID": "1361412562310881902", "description": "Check for the Version of firefox", "edition": 4, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-03-20T00:00:00", "title": "CentOS Update for firefox CESA-2014:0310 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881902", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881902", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2014:0310 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881902\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-20 09:44:23 +0530 (Thu, 20 Mar 2014)\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\",\n \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\",\n \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for firefox CESA-2014:0310 centos6 \");\n\n tag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,\nCVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF\nfiles. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Firefox or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.4.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\";\n\n tag_affected = \"firefox on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0310\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-March/020213.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.4.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:49:00", "references": ["2014:0316-01", "https://www.redhat.com/archives/rhsa-announce/2014-March/msg00029.html"], "pluginID": "871142", "description": "Check for the Version of thunderbird", "edition": 2, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-03-20T00:00:00", "title": "RedHat Update for thunderbird RHSA-2014:0316-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871142", "id": "OPENVAS:871142", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2014:0316-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871142);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-20 09:54:03 +0530 (Thu, 20 Mar 2014)\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\",\n \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\",\n \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for thunderbird RHSA-2014:0316-01\");\n\n tag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Thunderbird\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Thunderbird to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Thunderbird rendered certain\nPDF files. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Thunderbird or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially-crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.4.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.4.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\";\n\n tag_affected = \"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0316-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-March/msg00029.html\");\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~24.4.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~24.4.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:48:37", "references": ["http://lists.centos.org/pipermail/centos-announce/2014-March/020217.html", "2014:0310"], "pluginID": "881901", "description": "Check for the Version of firefox", "edition": 2, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-03-20T00:00:00", "title": "CentOS Update for firefox CESA-2014:0310 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881901", "id": "OPENVAS:881901", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2014:0310 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881901);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-20 09:43:07 +0530 (Thu, 20 Mar 2014)\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\",\n \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\",\n \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for firefox CESA-2014:0310 centos5 \");\n\n tag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,\nCVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF\nfiles. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Firefox or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.4.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\";\n\n tag_affected = \"firefox on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0310\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-March/020217.html\");\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.4.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:48:40", "references": ["https://www.redhat.com/archives/rhsa-announce/2014-March/msg00026.html", "2014:0310-01"], "pluginID": "871141", "description": "Check for the Version of firefox", "edition": 2, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-03-20T00:00:00", "title": "RedHat Update for firefox RHSA-2014:0310-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871141", "id": "OPENVAS:871141", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2014:0310-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871141);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-20 09:52:26 +0530 (Thu, 20 Mar 2014)\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\",\n \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\",\n \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for firefox RHSA-2014:0310-01\");\n\n tag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,\nCVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF\nfiles. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Firefox or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.4.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\";\n\n tag_affected = \"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0310-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-March/msg00026.html\");\n script_summary(\"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.4.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~24.4.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.4.0~1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~24.4.0~1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:13:50", "references": ["https://www.redhat.com/archives/rhsa-announce/2014-March/msg00026.html", "2014:0310-01"], "pluginID": "1361412562310871141", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-03-20T00:00:00", "title": "RedHat Update for firefox RHSA-2014:0310-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871141", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871141", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2014:0310-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871141\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-20 09:52:26 +0530 (Thu, 20 Mar 2014)\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\",\n \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\",\n \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for firefox RHSA-2014:0310-01\");\n\n\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,\nCVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF\nfiles. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Firefox or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.4.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0310-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-March/msg00026.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.4.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~24.4.0~1.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~24.4.0~1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~24.4.0~1.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:48:22", "references": ["http://lists.centos.org/pipermail/centos-announce/2014-March/020218.html", "2014:0316"], "pluginID": "881907", "description": "Check for the Version of thunderbird", "edition": 2, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-03-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CentOS Update for thunderbird CESA-2014:0316 centos6 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881907", "id": "OPENVAS:881907", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2014:0316 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881907);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-20 09:47:58 +0530 (Thu, 20 Mar 2014)\");\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\",\n \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for thunderbird CESA-2014:0316 centos6 \");\n\n tag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Thunderbird\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Thunderbird to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Thunderbird rendered certain\nPDF files. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Thunderbird or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially-crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.4.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.4.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\";\n\n tag_affected = \"thunderbird on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0316\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-March/020218.html\");\n script_summary(\"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~24.4.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-11T12:58:27", "references": ["https://www.debian.org/security/2014/dsa-2881", "https://packages.debian.org/source/wheezy/iceweasel"], "pluginID": "73106", "description": "Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure, denial of service.", "edition": 6, "reporter": "Tenable", "published": "2014-03-20T00:00:00", "title": "Debian DSA-2881-1 : iceweasel - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:iceweasel", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2881.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73106", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2881. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73106);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_bugtraq_id(66203, 66206, 66207, 66209, 66240);\n script_xref(name:\"DSA\", value:\"2881\");\n\n script_name(english:\"Debian DSA-2881-1 : iceweasel - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser: Multiple memory safety\nerrors, out of bound reads, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, information\ndisclosure, denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2881\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 24.4.0esr-1~deb7u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dbg\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dev\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ach\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-af\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-all\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-an\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ar\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-as\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ast\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-be\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bg\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-br\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bs\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ca\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cs\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-csb\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cy\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-da\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-de\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-el\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eo\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-et\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eu\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fa\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ff\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fi\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fr\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gd\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gl\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-he\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hr\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hu\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-id\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-is\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-it\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ja\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kk\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-km\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kn\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ko\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ku\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lij\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lt\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lv\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mai\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mk\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ml\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mr\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ms\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nl\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-or\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pl\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-rm\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ro\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ru\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-si\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sk\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sl\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-son\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sq\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sr\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ta\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-te\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-th\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-tr\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uk\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-vi\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-xh\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zu\", reference:\"24.4.0esr-1~deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:53:54", "references": ["https://www.debian.org/security/2014/dsa-2911", "https://packages.debian.org/source/wheezy/icedove"], "pluginID": "73657", "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.", "edition": 5, "reporter": "Tenable", "published": "2014-04-23T00:00:00", "title": "Debian DSA-2911-1 : icedove - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:icedove"], "id": "DEBIAN_DSA-2911.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73657", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2911. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73657);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_bugtraq_id(66203, 66206, 66207, 66209, 66240, 66412, 66418, 66423, 66426);\n script_xref(name:\"DSA\", value:\"2911\");\n\n script_name(english:\"Debian DSA-2911-1 : icedove - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client. Multiple memory\nsafety errors, out of bound reads, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\ninformation disclosure or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2911\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 24.4.0-1~deb7u1. This updates Icedove to the Extended\nSupport Release (ESR) branch 24. An updated and compatible version of\nEnigmail is included with this update.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"calendar-google-provider\", reference:\"24.4.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove\", reference:\"24.4.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dbg\", reference:\"24.4.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dev\", reference:\"24.4.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceowl-extension\", reference:\"24.4.0-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:03:33", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/", "http://www.securityfocus.com/archive/1/531617/30/0/threaded"], "pluginID": "73097", "description": "The installed version of Thunderbird is a version prior to version 24.4. It is, therefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are not read-only while updating. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript implemented WebIDL calls the 'window.open()' function, which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during Garbage Collection that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1514)", "edition": 7, "reporter": "Tenable", "published": "2014-03-19T00:00:00", "title": "Thunderbird < 24.4 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_24_4.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73097", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73097);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-1493\",\n \"CVE-2014-1494\",\n \"CVE-2014-1496\",\n \"CVE-2014-1497\",\n \"CVE-2014-1505\",\n \"CVE-2014-1508\",\n \"CVE-2014-1509\",\n \"CVE-2014-1510\",\n \"CVE-2014-1511\",\n \"CVE-2014-1512\",\n \"CVE-2014-1513\",\n \"CVE-2014-1514\"\n );\n script_bugtraq_id(\n 66203,\n 66206,\n 66207,\n 66209,\n 66240,\n 66412,\n 66416,\n 66418,\n 66419,\n 66423,\n 66425,\n 66426\n );\n\n script_name(english:\"Thunderbird < 24.4 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a mail client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird is a version prior to version\n24.4. It is, therefore, potentially affected by the following\nvulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531617/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 24.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.');\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'24.4', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-02T15:29:04", "references": ["https://usn.ubuntu.com/2151-1/"], "pluginID": "73148", "description": "Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1493)\n\nAtte Kettunen discovered an out-of-bounds read during WAV file decoding. If a user had enabled audio, an attacker could potentially exploit this to cause a denial of service via application crash.\n(CVE-2014-1497)\n\nRobert O'Callahan discovered a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1505)\n\nTyson Smith and Jesse Schwartzentruber discovered an out-of-bounds read during polygon rendering in MathML. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1508)\n\nJohn Thomson discovered a memory corruption bug in the Cairo graphics library. If a user had a malicious extension installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1509)\n\nMariusz Mlynski discovered that web content could open a chrome privileged page and bypass the popup blocker in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1510, CVE-2014-1511)\n\nIt was discovered that memory pressure during garbage collection resulted in memory corruption in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1512)\n\nJuri Aedla discovered out-of-bounds reads and writes with TypedArrayObject in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1513)\n\nGeorge Hotz discovered an out-of-bounds write with TypedArrayObject.\nIf a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2014-1514).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2014-03-22T00:00:00", "title": "Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2151-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2018-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2151-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73148", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2151-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73148);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/12/01 15:12:38\");\n\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_bugtraq_id(66425);\n script_xref(name:\"USN\", value:\"2151-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2151-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman,\nDan Gohman and Christoph Diehl discovered multiple memory safety\nissues in Thunderbird. If a user were tricked in to opening a\nspecially crafted message with scripting enabled, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Thunderbird. (CVE-2014-1493)\n\nAtte Kettunen discovered an out-of-bounds read during WAV file\ndecoding. If a user had enabled audio, an attacker could potentially\nexploit this to cause a denial of service via application crash.\n(CVE-2014-1497)\n\nRobert O'Callahan discovered a mechanism for timing attacks involving\nSVG filters and displacements input to feDisplacementMap. If a user\nhad enabled scripting, an attacker could potentially exploit this to\nsteal confidential information across domains. (CVE-2014-1505)\n\nTyson Smith and Jesse Schwartzentruber discovered an out-of-bounds\nread during polygon rendering in MathML. If a user had enabled\nscripting, an attacker could potentially exploit this to steal\nconfidential information across domains. (CVE-2014-1508)\n\nJohn Thomson discovered a memory corruption bug in the Cairo graphics\nlibrary. If a user had a malicious extension installed, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of\nthe user invoking Thunderbird. (CVE-2014-1509)\n\nMariusz Mlynski discovered that web content could open a chrome\nprivileged page and bypass the popup blocker in some circumstances. If\na user had enabled scripting, an attacker could potentially exploit\nthis to execute arbitrary code with the privileges of the user\ninvoking Thunderbird. (CVE-2014-1510, CVE-2014-1511)\n\nIt was discovered that memory pressure during garbage collection\nresulted in memory corruption in some circumstances. If a user had\nenabled scripting, an attacker could potentially exploit this to cause\na denial of service via application crash or execute arbitrary code\nwith the privileges of the user invoking Thunderbird. (CVE-2014-1512)\n\nJuri Aedla discovered out-of-bounds reads and writes with\nTypedArrayObject in some circumstances. If a user had enabled\nscripting, an attacker could potentially exploit this to cause a\ndenial of service via application crash or execute arbitrary code with\nthe privileges of the user invoking Thunderbird. (CVE-2014-1513)\n\nGeorge Hotz discovered an out-of-bounds write with TypedArrayObject.\nIf a user had enabled scripting, an attacker could potentially exploit\nthis to cause a denial of service via application crash or execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2014-1514).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2151-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|12\\.10|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"1:24.4.0+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"thunderbird\", pkgver:\"1:24.4.0+build1-0ubuntu0.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"thunderbird\", pkgver:\"1:24.4.0+build1-0ubuntu0.13.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:32:53", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/", "http://www.securityfocus.com/archive/1/531617/30/0/threaded"], "pluginID": "73100", "description": "The installed version of Thunderbird is a version prior to 24.4 and is, therefore, potentially affected the following vulnerabilities:\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are not read-only while updating. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript implemented WebIDL calls the 'window.open()' function, which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during Garbage Collection that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1514)", "edition": 7, "reporter": "Tenable", "published": "2014-03-19T00:00:00", "title": "Mozilla Thunderbird < 24.4 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_24_4.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73100);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\n \"CVE-2014-1493\",\n \"CVE-2014-1494\",\n \"CVE-2014-1496\",\n \"CVE-2014-1497\",\n \"CVE-2014-1505\",\n \"CVE-2014-1508\",\n \"CVE-2014-1509\",\n \"CVE-2014-1510\",\n \"CVE-2014-1511\",\n \"CVE-2014-1512\",\n \"CVE-2014-1513\",\n \"CVE-2014-1514\"\n );\n script_bugtraq_id(\n 66203,\n 66206,\n 66207,\n 66209,\n 66240,\n 66412,\n 66416,\n 66418,\n 66419,\n 66423,\n 66425,\n 66426\n );\n\n script_name(english:\"Mozilla Thunderbird < 24.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Thunderbird is a version prior to 24.4 and\nis, therefore, potentially affected the following vulnerabilities:\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531617/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 24.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'24.4', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:11", "references": ["http://www.nessus.org/u?16736178"], "pluginID": "73114", "description": "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1509)\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "edition": 4, "reporter": "Tenable", "published": "2014-03-20T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2016-01-06T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140318_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73114", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73114);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/01/06 15:36:34 $\");\n\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511,\nCVE-2014-1512, CVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox\nprocessed malformed web content. An attacker could use these flaws to\ngain access to sensitive information such as cross-domain content or\nprotected memory addresses or, potentially, cause Firefox to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain\nPDF files. An attacker able to trick a user into installing a\nmalicious extension could use this flaw to crash Firefox or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2014-1509)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1403&L=scientific-linux-errata&T=0&P=1569\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16736178\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-24.4.0-1.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-24.4.0-1.el5_10\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-24.4.0-1.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-24.4.0-1.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-06T09:41:42", "references": ["https://oss.oracle.com/pipermail/el-errata/2014-March/004029.html"], "pluginID": "73112", "description": "From Red Hat Security Advisory 2014:0316 :\n\nAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Thunderbird processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Thunderbird to crash. (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Thunderbird rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith, Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski, Juri Aedla, George Hotz, and the security research firm VUPEN as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.4.0. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.4.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes to take effect.", "edition": 10, "reporter": "Tenable", "published": "2014-03-20T00:00:00", "title": "Oracle Linux 6 : thunderbird (ELSA-2014-0316)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2018-09-05T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2014-0316.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73112", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0316 and \n# Oracle Linux Security Advisory ELSA-2014-0316 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73112);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/09/05 15:02:26\");\n\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_bugtraq_id(66203, 66206, 66207, 66240, 66425);\n script_xref(name:\"RHSA\", value:\"2014:0316\");\n\n script_name(english:\"Oracle Linux 6 : thunderbird (ELSA-2014-0316)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0316 :\n\nAn updated thunderbird package that fixes several security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2014-1493, CVE-2014-1510,\nCVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Thunderbird\nprocessed malformed web content. An attacker could use these flaws to\ngain access to sensitive information such as cross-domain content or\nprotected memory addresses or, potentially, cause Thunderbird to\ncrash. (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Thunderbird rendered\ncertain PDF files. An attacker able to trick a user into installing a\nmalicious extension could use this flaw to crash Thunderbird or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga,\nJan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte\nKettunen, Tyson Smith, Jesse Schwartzentruber, John Thomson, Robert\nO'Callahan, Mariusz Mlynski, Juri Aedla, George Hotz, and the security\nresearch firm VUPEN as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 24.4.0. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.4.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-March/004029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-24.4.0-1.0.1.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:05:39", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2014-01/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/", "https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/", "http://www.securityfocus.com/archive/1/531617/30/0/threaded"], "pluginID": "73098", "description": "The installed version of Firefox ESR 24.x is a version prior to 24.4.\nIt is, therefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494)\n\n - A flaw exists in the checkHandshake() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2014-1495)\n\n - An issue exists where extracted files for updates are not read-only while updating. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript implemented WebIDL calls the 'window.open()' function, which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during Garbage Collection that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1514)", "edition": 7, "reporter": "Tenable", "published": "2014-03-19T00:00:00", "title": "Firefox ESR 24.x < 24.4 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1495", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_24_4_ESR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73098", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73098);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2014-1493\",\n \"CVE-2014-1494\",\n \"CVE-2014-1495\",\n \"CVE-2014-1496\",\n \"CVE-2014-1497\",\n \"CVE-2014-1505\",\n \"CVE-2014-1508\",\n \"CVE-2014-1509\",\n \"CVE-2014-1510\",\n \"CVE-2014-1511\",\n \"CVE-2014-1512\",\n \"CVE-2014-1513\",\n \"CVE-2014-1514\"\n );\n script_bugtraq_id(\n 66203,\n 66206,\n 66207,\n 66209,\n 66240,\n 66412,\n 66416,\n 66418,\n 66419,\n 66423,\n 66425,\n 66426\n );\n\n script_name(english:\"Firefox ESR 24.x < 24.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Firefox ESR 24.x is a version prior to 24.4.\nIt is, therefore, potentially affected by the following\nvulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code\n execution. (CVE-2014-1493, CVE-2014-1494)\n\n - A flaw exists in the checkHandshake() function due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in the execution of arbitrary\n code. (CVE-2014-1495)\n\n - An issue exists where extracted files for updates are\n not read-only while updating. An attacker may be able\n to modify these extracted files resulting in privilege\n escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV\n format audio files that could lead to a denial of\n service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are\n rendered in 'MathML' that could lead to information\n disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics\n library when rendering a PDF file that could lead to\n arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the\n feDisplacementMap element that could lead to\n information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to\n load chrome-privileged pages when JavaScript\n implemented WebIDL calls the 'window.open()' function,\n which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to\n bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects'\n in the JavaScript engine during Garbage Collection\n that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to\n 'TypedArrayObject' improperly handling 'ArrayBuffer'\n objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values\n from one array to another that could result in arbitrary\n code execution. (CVE-2014-1514)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531617/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox ESR 24.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'24.4', min:'24.0', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:57", "references": ["http://www.nessus.org/u?c7ad57f8"], "pluginID": "73116", "description": "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Thunderbird processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Thunderbird to crash. (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Thunderbird rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1509)\n\nNote: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nAfter installing the update, Thunderbird must be restarted for the changes to take effect.", "edition": 4, "reporter": "Tenable", "published": "2014-03-20T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2016-01-06T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140319_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73116", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73116);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/01/06 15:36:34 $\");\n\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2014-1493, CVE-2014-1510,\nCVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Thunderbird\nprocessed malformed web content. An attacker could use these flaws to\ngain access to sensitive information such as cross-domain content or\nprotected memory addresses or, potentially, cause Thunderbird to\ncrash. (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Thunderbird rendered\ncertain PDF files. An attacker able to trick a user into installing a\nmalicious extension could use this flaw to crash Thunderbird or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2014-1509)\n\nNote: All of the above issues cannot be exploited by a specially\ncrafted HTML mail message as JavaScript is disabled by default for\nmail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed.\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1403&L=scientific-linux-errata&T=0&P=1824\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7ad57f8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-24.4.0-1.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-24.4.0-1.el5_10\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-24.4.0-1.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-24.4.0-1.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-11T12:39:54", "references": ["http://www.nessus.org/u?ae421ae4", "http://www.nessus.org/u?cfb36055"], "pluginID": "73084", "description": "Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith, Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski, Juri Aedla, George Hotz, and the security research firm VUPEN as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 24.4.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "edition": 11, "reporter": "Tenable", "published": "2014-03-19T00:00:00", "title": "CentOS 5 / 6 : firefox (CESA-2014:0310)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2014-0310.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73084", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0310 and \n# CentOS Errata and Security Advisory 2014:0310 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73084);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2014-1493\", \"CVE-2014-1497\", \"CVE-2014-1505\", \"CVE-2014-1508\", \"CVE-2014-1509\", \"CVE-2014-1510\", \"CVE-2014-1511\", \"CVE-2014-1512\", \"CVE-2014-1513\", \"CVE-2014-1514\");\n script_bugtraq_id(66203, 66206, 66207, 66240, 66425);\n script_xref(name:\"RHSA\", value:\"2014:0310\");\n\n script_name(english:\"CentOS 5 / 6 : firefox (CESA-2014:0310)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511,\nCVE-2014-1512, CVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox\nprocessed malformed web content. An attacker could use these flaws to\ngain access to sensitive information such as cross-domain content or\nprotected memory addresses or, potentially, cause Firefox to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain\nPDF files. An attacker able to trick a user into installing a\nmalicious extension could use this flaw to crash Firefox or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga,\nJan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte\nKettunen, Tyson Smith, Jesse Schwartzentruber, John Thomson, Robert\nO'Callahan, Mariusz Mlynski, Juri Aedla, George Hotz, and the security\nresearch firm VUPEN as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Firefox 24.4.0 ESR. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 24.4.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-March/020213.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae421ae4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-March/020217.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfb36055\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox WebIDL Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-24.4.0-1.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-24.4.0-1.el6.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:24:56", "references": ["https://rhn.redhat.com/errata/RHSA-2014-0310.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.4.0-1.el6.centos", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el6.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.4.0-1.el6.centos", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el6.centos.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.4.0-1.el5.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el5.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.4.0-1.el5.centos", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el5.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.4.0-1.el6.centos", "arch": "any", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el6.centos.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.4.0-1.el6.centos", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el6.centos.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.4.0-1.el5.centos", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el5.centos.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.4.0-1.el5.centos", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el5.centos.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:0310\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,\nCVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF\nfiles. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Firefox or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.4.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/020213.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/020217.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0310.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-03-19T00:08:42", "title": "firefox security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2014-03-19T19:26:42", "href": "http://lists.centos.org/pipermail/centos-announce/2014-March/020213.html", "id": "CESA-2014:0310", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:31", "references": ["https://rhn.redhat.com/errata/RHSA-2014-0316.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.4.0-1.el5.centos", "packageFilename": "thunderbird-24.4.0-1.el5.centos.x86_64.rpm", "packageName": "thunderbird", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.4.0-1.el5.centos", "packageFilename": "thunderbird-24.4.0-1.el5.centos.i386.rpm", "packageName": "thunderbird", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "24.4.0-1.el5.centos", "packageFilename": "thunderbird-24.4.0-1.el5.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.4.0-1.el6.centos", "packageFilename": "thunderbird-24.4.0-1.el6.centos.x86_64.rpm", "packageName": "thunderbird", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.4.0-1.el6.centos", "packageFilename": "thunderbird-24.4.0-1.el6.centos.src.rpm", "packageName": "thunderbird", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "24.4.0-1.el6.centos", "packageFilename": "thunderbird-24.4.0-1.el6.centos.i686.rpm", "packageName": "thunderbird", "arch": "i686", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:0316\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Thunderbird\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Thunderbird to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Thunderbird rendered certain\nPDF files. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Thunderbird or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially-crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.4.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.4.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/020218.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/020219.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0316.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-03-19T21:09:48", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "thunderbird security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2014-03-20T01:01:20", "href": "http://lists.centos.org/pipermail/centos-announce/2014-March/020218.html", "id": "CESA-2014:0316", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-06-06T18:04:45", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "i386", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el5_10.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "i386", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el5_10.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el5_10.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el5_10.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "ia64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el5_10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "ia64", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el5_10.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "i686", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "src", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el6_5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "i686", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "x86_64", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "ppc", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el6_5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "ppc64", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "ppc", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el6_5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "s390x", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "s390", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-24.4.0-1.el6_5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "s390x", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "s390", "packageName": "firefox", "packageFilename": "firefox-24.4.0-1.el6_5.s390.rpm", "operator": "lt"}], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,\nCVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF\nfiles. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Firefox or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.4.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "reporter": "RedHat", "published": "2014-03-18T04:00:00", "type": "redhat", "title": "(RHSA-2014:0310) Critical: firefox security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1493", "CVE-2014-1497", "CVE-2014-1505", "CVE-2014-1508", "CVE-2014-1509", "CVE-2014-1510", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1513", "CVE-2014-1514"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:17", "id": "RHSA-2014:0310", "href": "https://access.redhat.com/errata/RHSA-2014:0310", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-06T18:05:36", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.4.0-1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "src", "packageName": "thunderbird", "packageFilename": "thunderbird-24.4.0-1.el5_10.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "i386", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.4.0-1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "i386", "packageName": "thunderbird", "packageFilename": "thunderbird-24.4.0-1.el5_10.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "24.4.0-1.el5_10", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-24.4.0-1.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "i686", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.4.0-1.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "src", "packageName": "thunderbird", "packageFilename": "thunderbird-24.4.0-1.el6_5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "x86_64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.4.0-1.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "i686", "packageName": "thunderbird", "packageFilename": "thunderbird-24.4.0-1.el6_5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "x86_64", "packageName": "thunderbird", "packageFilename": "thunderbird-24.4.0-1.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "ppc64", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.4.0-1.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "ppc64", "packageName": "thunderbird", "packageFilename": "thunderbird-24.4.0-1.el6_5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "s390x", "packageName": "thunderbird-debuginfo", "packageFilename": "thunderbird-debuginfo-24.4.0-1.el6_5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "24.4.0-1.el6_5", "arch": "s390x", "packageName": "thunderbird", "packageFilename": "thunderbird-24.4.0-1.el6_5.s390x.rpm", "operator": "lt"}], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Thunderbird\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Thunderbird to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Thunderbird rendered certain\nPDF files. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Thunderbird or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially-crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.4.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.4.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "reporter": "RedHat", "published": "2014-03-19T04:00:00", "type": "redhat", "title": "(RHSA-2014:0316) Important: thunderbird security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1493", "CVE-2014-1497", "CVE-2014-1505", "CVE-2014-1508", "CVE-2014-1509", "CVE-2014-1510", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1513", "CVE-2014-1514"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:26", "id": "RHSA-2014:0316", "href": "https://access.redhat.com/errata/RHSA-2014:0316", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:32", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.4.0-1.0.1.el6_5", "arch": "src", "packageFilename": "thunderbird-24.4.0-1.0.1.el6_5.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.4.0-1.0.1.el6_5", "arch": "src", "packageFilename": "thunderbird-24.4.0-1.0.1.el6_5.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.4.0-1.0.1.el5_10", "arch": "src", "packageFilename": "thunderbird-24.4.0-1.0.1.el5_10.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.4.0-1.0.1.el5_10", "arch": "src", "packageFilename": "thunderbird-24.4.0-1.0.1.el5_10.src.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.4.0-1.0.1.el6_5", "arch": "i686", "packageFilename": "thunderbird-24.4.0-1.0.1.el6_5.i686.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.4.0-1.0.1.el6_5", "arch": "x86_64", "packageFilename": "thunderbird-24.4.0-1.0.1.el6_5.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.4.0-1.0.1.el5_10", "arch": "x86_64", "packageFilename": "thunderbird-24.4.0-1.0.1.el5_10.x86_64.rpm", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.4.0-1.0.1.el5_10", "arch": "i386", "packageFilename": "thunderbird-24.4.0-1.0.1.el5_10.i386.rpm", "packageName": "thunderbird", "operator": "lt"}], "description": "[24.4.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[24.4.0-1]\n- Update to 24.4.0", "edition": 3, "reporter": "Oracle", "published": "2014-03-19T00:00:00", "title": "thunderbird security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2014-03-19T00:00:00", "id": "ELSA-2014-0316", "href": "http://linux.oracle.com/errata/ELSA-2014-0316.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:41:01", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.4.0-1.0.1.el6_5", "arch": "src", "packageFilename": "firefox-24.4.0-1.0.1.el6_5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.4.0-1.0.1.el6_5", "arch": "src", "packageFilename": "firefox-24.4.0-1.0.1.el6_5.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.4.0-1.0.1.el6_5", "arch": "x86_64", "packageFilename": "firefox-24.4.0-1.0.1.el6_5.x86_64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.4.0-1.0.1.el5_10", "arch": "i386", "packageFilename": "firefox-24.4.0-1.0.1.el5_10.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.4.0-1.0.1.el5_10", "arch": "i386", "packageFilename": "firefox-24.4.0-1.0.1.el5_10.i386.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.4.0-1.0.1.el6_5", "arch": "i686", "packageFilename": "firefox-24.4.0-1.0.1.el6_5.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "24.4.0-1.0.1.el6_5", "arch": "i686", "packageFilename": "firefox-24.4.0-1.0.1.el6_5.i686.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.4.0-1.0.1.el5_10", "arch": "src", "packageFilename": "firefox-24.4.0-1.0.1.el5_10.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.4.0-1.0.1.el5_10", "arch": "src", "packageFilename": "firefox-24.4.0-1.0.1.el5_10.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.4.0-1.0.1.el5_10", "arch": "src", "packageFilename": "firefox-24.4.0-1.0.1.el5_10.src.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.4.0-1.0.1.el5_10", "arch": "ia64", "packageFilename": "firefox-24.4.0-1.0.1.el5_10.ia64.rpm", "packageName": "firefox", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "24.4.0-1.0.1.el5_10", "arch": "x86_64", "packageFilename": "firefox-24.4.0-1.0.1.el5_10.x86_64.rpm", "packageName": "firefox", "operator": "lt"}], "description": "[24.4.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n- Build with nspr-devel >= 4.10.0 to fix build failure\n[24.4.0-1]\n- Update to 24.4.0 ESR\n[24.3.0-4]\n- Fixed rhbz#1070467 - Enable Add Ons by default in Firefox\n[24.3.0-3]\n- Fixed rhbz#1054832 - Firefox does not support Camellia cipher", "edition": 3, "reporter": "Oracle", "published": "2014-03-18T00:00:00", "title": "firefox security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2014-03-18T00:00:00", "id": "ELSA-2014-0310", "href": "http://linux.oracle.com/errata/ELSA-2014-0310.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:13", "references": ["https://launchpad.net/bugs/1293851", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1514", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1509", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1512", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1508", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1513", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1510", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1511", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1497", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1493", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1505"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "1:24.4.0+build1-0ubuntu0.13.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1:24.4.0+build1-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "1:24.4.0+build1-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}], "description": "Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1493)\n\nAtte Kettunen discovered an out-of-bounds read during WAV file decoding. If a user had enabled audio, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1497)\n\nRobert O\u2019Callahan discovered a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1505)\n\nTyson Smith and Jesse Schwartzentruber discovered an out-of-bounds read during polygon rendering in MathML. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1508)\n\nJohn Thomson discovered a memory corruption bug in the Cairo graphics library. If a user had a malicious extension installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1509)\n\nMariusz Mlynski discovered that web content could open a chrome privileged page and bypass the popup blocker in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1510, CVE-2014-1511)\n\nIt was discovered that memory pressure during garbage collection resulted in memory corruption in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1512)\n\nJ\u00fcri Aedla discovered out-of-bounds reads and writes with TypedArrayObject in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1513)\n\nGeorge Hotz discovered an out-of-bounds write with TypedArrayObject. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1514)", "edition": 3, "reporter": "Ubuntu", "published": "2014-03-21T00:00:00", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "modified": "2014-03-21T00:00:00", "id": "USN-2151-1", "href": "https://usn.ubuntu.com/2151-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:01", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1502", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1514", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1509", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1512", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1508", "https://launchpad.net/bugs/1291982", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1513", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1510", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1494", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1504", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1499", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1511", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1497", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1498", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1500", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1493", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1505"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "28.0+build2-0ubuntu0.13.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "28.0+build2-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "28.0+build2-0ubuntu0.12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "description": "Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher and Makoto Kato discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1493, CVE-2014-1494)\n\nAtte Kettunen discovered an out-of-bounds read during WAV file decoding. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1497)\n\nDavid Keeler discovered that crypto.generateCRFMRequest did not correctly validate all arguments. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1498)\n\nEhsan Akhgari discovered that the WebRTC permission dialog can display the wrong originating site information under some circumstances. An attacker could potentially exploit this by tricking a user in order to gain access to their webcam or microphone. (CVE-2014-1499)\n\nTim Philipp Sch\u00e4fers and Sebastian Neef discovered that onbeforeunload events used with page navigations could make the browser unresponsive in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2014-1500)\n\nJeff Gilbert discovered that WebGL content could manipulate content from another sites WebGL context. An attacker could potentially exploit this to conduct spoofing attacks. (CVE-2014-1502)\n\nNicolas Golubovic discovered that CSP could be bypassed for data: documents during session restore. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2014-1504)\n\nRobert O\u2019Callahan discovered a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. An attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1505)\n\nTyson Smith and Jesse Schwartzentruber discovered an out-of-bounds read during polygon rendering in MathML. An attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1508)\n\nJohn Thomson discovered a memory corruption bug in the Cairo graphics library. If a user had a malicious extension installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1509)\n\nMariusz Mlynski discovered that web content could open a chrome privileged page and bypass the popup blocker in some circumstances. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1510, CVE-2014-1511)\n\nIt was discovered that memory pressure during garbage collection resulted in memory corruption in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1512)\n\nJ\u00fcri Aedla discovered out-of-bounds reads and writes with TypedArrayObject in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1513)\n\nGeorge Hotz discovered an out-of-bounds write with TypedArrayObject. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1514)", "edition": 3, "reporter": "Ubuntu", "published": "2014-03-18T00:00:00", "title": "Firefox vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1499"], "modified": "2014-03-18T00:00:00", "id": "USN-2150-1", "href": "https://usn.ubuntu.com/2150-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:57:23", "references": ["https://bugzilla.novell.com/868603", "http://download.suse.com/patch/finder/?keywords=459a5273e5dbc348d118a48052078601"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-24.4.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-24.4.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24-0.7.23", "arch": "i586", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.23.i586.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "ia64", "packageFilename": "MozillaFirefox-24.4.0esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24-0.7.23", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.23.x86_64.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.s390x.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-24.4.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-translations-24.4.0esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "s390x", "packageFilename": "MozillaFirefox-devel-24.4.0esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ia64", "packageFilename": "mozilla-nspr-x86-4.10.4-0.3.1.ia64.rpm", "packageName": "mozilla-nspr-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.4.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.ppc64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24-0.7.23", "arch": "i586", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.23.i586.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.s390x.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24-0.7.23", "arch": "ppc64", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.23.ppc64.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-24.4.0esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "s390x", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.s390x.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "s390x", "packageFilename": "MozillaFirefox-24.4.0esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ia64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.ia64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.4.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.ppc64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-devel-24.4.0esr-0.8.1.ppc64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-24.4.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.4.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "ia64", "packageFilename": "MozillaFirefox-devel-24.4.0esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-24.4.0esr-0.8.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24-0.7.23", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.23.x86_64.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.4.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-24.4.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ppc64", "packageFilename": "mozilla-nspr-32bit-4.10.4-0.3.1.ppc64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "ia64", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.ia64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24-0.7.23", "arch": "s390x", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.23.s390x.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.10.4-0.3.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24-0.7.23", "arch": "ia64", "packageFilename": "MozillaFirefox-branding-SLED-24-0.7.23.ia64.rpm", "packageName": "MozillaFirefox-branding-SLED", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.4.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-24.4.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-24.4.0esr-0.8.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.10.4-0.3.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.10.4-0.3.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.4.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "ia64", "packageFilename": "MozillaFirefox-translations-24.4.0esr-0.8.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "24.4.0esr-0.8.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-24.4.0esr-0.8.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}], "description": "Mozilla Firefox was updated to 24.4.0ESR release, fixing\n various security issues and bugs:\n\n *\n\n MFSA 2014-15: Mozilla developers and community\n identified identified and fixed several memory safety bugs\n in the browser engine used in Firefox and other\n Mozilla-based products. Some of these bugs showed evidence\n of memory corruption under certain circumstances, and we\n presume that with enough effort at least some of these\n could be exploited to run arbitrary code.\n\n *\n\n Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\n Jesse Ruderman, Dan Gohman, and Christoph Diehl reported\n memory safety problems and crashes that affect Firefox ESR\n 24.3 and Firefox 27. (CVE-2014-1493)\n\n *\n\n Gregor Wagner, Olli Pettay, Gary Kwong, Jesse\n Ruderman, Luke Wagner, Rob Fletcher, and Makoto Kato\n reported memory safety problems and crashes that affect\n Firefox 27. (CVE-2014-1494)\n\n *\n\n MFSA 2014-16 / CVE-2014-1496: Security researcher Ash\n reported an issue where the extracted files for updates to\n existing files are not read only during the update process.\n This allows for the potential replacement or modification\n of these files during the update process if a malicious\n application is present on the local system.\n\n *\n\n MFSA 2014-17 / CVE-2014-1497: Security researcher\n Atte Kettunen from OUSPG reported an out of bounds read\n during the decoding of WAV format audio files for playback.\n This could allow web content access to heap data as well as\n causing a crash.\n\n *\n\n MFSA 2014-18 / CVE-2014-1498: Mozilla developer David\n Keeler reported that the crypto.generateCRFMRequest method\n did not correctly validate the key type of the KeyParams\n argument when generating ec-dual-use requests. This could\n lead to a crash and a denial of service (DOS) attack.\n\n *\n\n MFSA 2014-19 / CVE-2014-1499: Mozilla developer Ehsan\n Akhgari reported a spoofing attack where the permission\n prompt for a WebRTC session can appear to be from a\n different site than its actual originating site if a timed\n navigation occurs during the prompt generation. This allows\n an attacker to potentially gain access to the webcam or\n microphone by masquerading as another site and gaining user\n permission through spoofing.\n\n *\n\n MFSA 2014-20 / CVE-2014-1500: Security researchers\n Tim Philipp Schaefers and Sebastian Neef, the team of\n Internetwache.org, reported a mechanism using JavaScript\n onbeforeunload events with page navigation to prevent users\n from closing a malicious page's tab and causing the browser\n to become unresponsive. This allows for a denial of service\n (DOS) attack due to resource consumption and blocks the\n ability of users to exit the application.\n\n *\n\n MFSA 2014-21 / CVE-2014-1501: Security researcher\n Alex Infuehr reported that on Firefox for Android it is\n possible to open links to local files from web content by\n selecting &quot;Open Link in New Tab&quot; from the context menu\n using the file: protocol. The web content would have to\n know the precise location of a malicious local file in\n order to exploit this issue. This issue does not affect\n Firefox on non-Android systems.\n\n *\n\n MFSA 2014-22 / CVE-2014-1502: Mozilla developer Jeff\n Gilbert discovered a mechanism where a malicious site with\n WebGL content could inject content from its context to that\n of another site's WebGL context, causing the second site to\n replace textures and similar content. This cannot be used\n to steal data but could be used to render arbitrary content\n in these limited circumstances.\n\n *\n\n MFSA 2014-23 / CVE-2014-1504: Security researcher\n Nicolas Golubovic reported that the Content Security Policy\n (CSP) of data: documents was not saved as part of session\n restore. If an attacker convinced a victim to open a\n document from a data: URL injected onto a page, this can\n lead to a Cross-Site Scripting (XSS) attack. The target\n page may have a strict CSP that protects against this XSS\n attack, but if the attacker induces a browser crash with\n another bug, an XSS attack would occur during session\n restoration, bypassing the CSP on the site.\n\n *\n\n MFSA 2014-26 / CVE-2014-1508: Security researcher\n Tyson Smith and Jesse Schwartzentruber of the BlackBerry\n Security Automated Analysis Team used the Address Sanitizer\n tool while fuzzing to discover an out-of-bounds read during\n polygon rendering in MathML. This can allow web content to\n potentially read protected memory addresses. In combination\n with previous techniques used for SVG timing attacks, this\n could allow for text values to be read across domains,\n leading to information disclosure.\n\n *\n\n MFSA 2014-27 / CVE-2014-1509: Security researcher\n John Thomson discovered a memory corruption in the Cairo\n graphics library during font rendering of a PDF file for\n display. This memory corruption leads to a potentially\n exploitable crash and to a denial of service (DOS). This\n issues is not able to be triggered in a default\n configuration and would require a malicious extension to be\n installed.\n\n *\n\n MFSA 2014-28 / CVE-2014-1505: Mozilla developer\n Robert O'Callahan reported a mechanism for timing attacks\n involving SVG filters and displacements input to\n feDisplacementMap. This allows displacements to potentially\n be correlated with values derived from content. This is\n similar to the previously reported techniques used for SVG\n timing attacks and could allow for text values to be read\n across domains, leading to information disclosure.\n\n *\n\n MFSA 2014-29 / CVE-2014-1510 / CVE-2014-1511:\n Security researcher Mariusz Mlynski, via TippingPoint's\n Pwn2Own contest, reported that it is possible for untrusted\n web content to load a chrome-privileged page by getting\n JavaScript-implemented WebIDL to call window.open(). A\n second bug allowed the bypassing of the popup-blocker\n without user interaction. Combined these two bugs allow an\n attacker to load a JavaScript URL that is executed with the\n full privileges of the browser, which allows arbitrary code\n execution.\n\n *\n\n MFSA 2014-30 / CVE-2014-1512: Security research firm\n VUPEN, via TippingPoint's Pwn2Own contest, reported that\n memory pressure during Garbage Collection could lead to\n memory corruption of TypeObjects in the JS engine,\n resulting in an exploitable use-after-free condition.\n\n *\n\n MFSA 2014-31 / CVE-2014-1513: Security researcher\n Jueri Aedla, via TippingPoint's Pwn2Own contest, reported\n that TypedArrayObject does not handle the case where\n ArrayBuffer objects are neutered, setting their length to\n zero while still in use. This leads to out-of-bounds reads\n and writes into the JavaScript heap, allowing for arbitrary\n code execution.\n\n *\n\n MFSA 2014-32 / CVE-2014-1514: Security researcher\n George Hotz, via TippingPoint's Pwn2Own contest, discovered\n an issue where values are copied from an array into a\n second, neutered array. This allows for an out-of-bounds\n write into memory, causing an exploitable crash leading to\n arbitrary code execution.\n\n", "edition": 1, "reporter": "Suse", "published": "2014-03-21T23:04:18", "title": "Security update for MozillaFirefox (important)", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1501", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "modified": "2014-03-21T23:04:18", "id": "SUSE-SU-2014:0418-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:29:31", "references": ["https://bugzilla.novell.com/868603"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-translations-other", "packageFilename": "seamonkey-translations-other-2.25-1.41.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-translations-common", "packageFilename": "seamonkey-translations-common-2.25-1.41.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-24.4.0-70.15.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-debuginfo", "packageFilename": "MozillaThunderbird-debuginfo-24.4.0-61.43.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-translations-other", "packageFilename": "MozillaThunderbird-translations-other-24.4.0-70.15.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-devel", "packageFilename": "MozillaThunderbird-devel-24.4.0-61.43.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-debuginfo", "packageFilename": "seamonkey-debuginfo-2.25-1.41.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-2.25-16.7.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-debuginfo", "packageFilename": "MozillaThunderbird-debuginfo-24.4.0-70.15.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.0+24.4.0-70.15.8", "packageName": "enigmail", "packageFilename": "enigmail-1.6.0+24.4.0-70.15.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.0+24.4.0-70.15.8", "packageName": "enigmail-debuginfo", "packageFilename": "enigmail-debuginfo-1.6.0+24.4.0-70.15.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.6.0+24.4.0-61.43.5", "packageName": "enigmail-debuginfo", "packageFilename": "enigmail-debuginfo-1.6.0+24.4.0-61.43.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-translations-common", "packageFilename": "MozillaThunderbird-translations-common-24.4.0-70.15.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-buildsymbols", "packageFilename": "MozillaThunderbird-buildsymbols-24.4.0-61.43.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-venkman", "packageFilename": "seamonkey-venkman-2.25-1.41.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-irc", "packageFilename": "seamonkey-irc-2.25-1.41.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey", "packageFilename": "seamonkey-2.25-1.41.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-debugsource", "packageFilename": "MozillaThunderbird-debugsource-24.4.0-70.15.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-buildsymbols", "packageFilename": "MozillaThunderbird-buildsymbols-24.4.0-70.15.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-devel", "packageFilename": "MozillaThunderbird-devel-24.4.0-70.15.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-24.4.0-61.43.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-debugsource", "packageFilename": "seamonkey-debugsource-2.25-16.7.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-translations-common", "packageFilename": "MozillaThunderbird-translations-common-24.4.0-61.43.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.6.0+24.4.0-61.43.5", "packageName": "enigmail-debuginfo", "packageFilename": "enigmail-debuginfo-1.6.0+24.4.0-61.43.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-debuginfo", "packageFilename": "seamonkey-debuginfo-2.25-1.41.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-debugsource", "packageFilename": "MozillaThunderbird-debugsource-24.4.0-70.15.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-debugsource", "packageFilename": "seamonkey-debugsource-2.25-16.7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey", "packageFilename": "seamonkey-2.25-1.41.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-2.25-1.41.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-irc", "packageFilename": "seamonkey-irc-2.25-16.7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey", "packageFilename": "seamonkey-2.25-16.7.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-translations-other", "packageFilename": "seamonkey-translations-other-2.25-16.7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.6.0+24.4.0-61.43.5", "packageName": "enigmail", "packageFilename": "enigmail-1.6.0+24.4.0-61.43.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-irc", "packageFilename": "seamonkey-irc-2.25-1.41.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-2.25-1.41.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-devel", "packageFilename": "MozillaThunderbird-devel-24.4.0-70.15.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-venkman", "packageFilename": "seamonkey-venkman-2.25-16.7.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-debuginfo", "packageFilename": "MozillaThunderbird-debuginfo-24.4.0-61.43.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-translations-common", "packageFilename": "seamonkey-translations-common-2.25-16.7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-translations-common", "packageFilename": "MozillaThunderbird-translations-common-24.4.0-70.15.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-irc", "packageFilename": "seamonkey-irc-2.25-16.7.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-debugsource", "packageFilename": "MozillaThunderbird-debugsource-24.4.0-61.43.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.0+24.4.0-70.15.8", "packageName": "enigmail-debuginfo", "packageFilename": "enigmail-debuginfo-1.6.0+24.4.0-70.15.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-24.4.0-61.43.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-translations-other", "packageFilename": "seamonkey-translations-other-2.25-1.41.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey", "packageFilename": "seamonkey-2.25-16.7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-devel", "packageFilename": "MozillaThunderbird-devel-24.4.0-61.43.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.6.0+24.4.0-61.43.5", "packageName": "enigmail", "packageFilename": "enigmail-1.6.0+24.4.0-61.43.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-debugsource", "packageFilename": "seamonkey-debugsource-2.25-1.41.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-debuginfo", "packageFilename": "seamonkey-debuginfo-2.25-16.7.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-venkman", "packageFilename": "seamonkey-venkman-2.25-16.7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-translations-common", "packageFilename": "seamonkey-translations-common-2.25-1.41.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-translations-common", "packageFilename": "seamonkey-translations-common-2.25-16.7.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-dom-inspector", "packageFilename": "seamonkey-dom-inspector-2.25-16.7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-debuginfo", "packageFilename": "seamonkey-debuginfo-2.25-16.7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-translations-other", "packageFilename": "MozillaThunderbird-translations-other-24.4.0-61.43.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-buildsymbols", "packageFilename": "MozillaThunderbird-buildsymbols-24.4.0-61.43.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-buildsymbols", "packageFilename": "MozillaThunderbird-buildsymbols-24.4.0-70.15.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-debugsource", "packageFilename": "seamonkey-debugsource-2.25-1.41.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-translations-other", "packageFilename": "MozillaThunderbird-translations-other-24.4.0-61.43.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.6.0+24.4.0-70.15.8", "packageName": "enigmail", "packageFilename": "enigmail-1.6.0+24.4.0-70.15.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-translations-other", "packageFilename": "MozillaThunderbird-translations-other-24.4.0-70.15.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird-debuginfo", "packageFilename": "MozillaThunderbird-debuginfo-24.4.0-70.15.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-debugsource", "packageFilename": "MozillaThunderbird-debugsource-24.4.0-61.43.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "2.25-1.41.5", "packageName": "seamonkey-venkman", "packageFilename": "seamonkey-venkman-2.25-1.41.5.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "24.4.0-70.15.8", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-24.4.0-70.15.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "24.4.0-61.43.5", "packageName": "MozillaThunderbird-translations-common", "packageFilename": "MozillaThunderbird-translations-common-24.4.0-61.43.5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "2.25-16.7", "packageName": "seamonkey-translations-other", "packageFilename": "seamonkey-translations-other-2.25-16.7.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "Mozilla Thunderbird was updated to 24.4.0. Mozilla\n SeaMonkey was updated to 2.25.\n\n * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous\n memory safety hazards\n * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds\n read during WAV file decoding\n * MFSA 2014-18/CVE-2014-1498 (bmo#935618)\n crypto.generateCRMFRequest does not validate type of key\n * MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack\n on WebRTC permission prompt\n * MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload\n and Javascript navigation DOS\n * MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content\n injection from one domain to rendering in another\n * MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content\n Security Policy for data: documents not preserved by\n session restore\n * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information\n disclosure through polygon rendering in MathML\n * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory\n corruption in Cairo during PDF font rendering\n * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters\n information disclosure through feDisplacementMap\n * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906,\n bmo#982909) Privilege escalation using\n WebIDL-implemented APIs\n * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free\n in TypeObject\n * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds\n read/write through neutering ArrayBuffer objects\n * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds\n write through TypedArrayObject after neutering\n\n", "edition": 1, "reporter": "Suse", "published": "2014-04-30T09:04:15", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "MozillaThunderbird,seamonkey (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1499"], "modified": "2014-04-30T09:04:15", "id": "OPENSUSE-SU-2014:0584-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:18:43", "references": ["https://bugzilla.novell.com/868603", "https://bugzilla.novell.com/865539"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-28.0-17.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-28.0-17.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-28.0-1.56.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-28.0-1.56.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-28.0-17.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-32bit-3.15.5-1.32.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-32bit-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-3.15.5-16.1.i586.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-28.0-17.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-28.0-1.56.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.15.5-16.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-3.15.5-16.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-28.0-1.56.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "4.10.4-1.26.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-debuginfo-4.10.4-1.26.1.x86_64.rpm", "packageName": "mozilla-nspr-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-3.15.5-1.32.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "libfreebl3-debuginfo-3.15.5-16.1.i586.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-debuginfo-3.15.5-16.1.i586.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "i586", "packageFilename": "MozillaFirefox-28.0-1.56.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "4.10.4-1.26.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.10.4-1.26.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-32bit-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "libsoftokn3-3.15.5-16.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-28.0-17.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-28.0-1.56.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.15.5-16.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "4.10.4-8.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.10.4-8.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "4.10.4-8.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.10.4-8.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-3.15.5-1.32.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.15.5-16.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-32bit-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "4.10.4-8.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-debuginfo-32bit-4.10.4-8.1.x86_64.rpm", "packageName": "mozilla-nspr-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "mozilla-nss-debugsource-3.15.5-16.1.i586.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-debuginfo-3.15.5-1.32.1.i586.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "mozilla-nss-debuginfo-3.15.5-1.32.1.i586.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-32bit-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debugsource-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.15.5-1.32.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-32bit-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-28.0-1.56.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-28.0-1.56.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "i586", "packageFilename": "MozillaFirefox-buildsymbols-28.0-17.1.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "4.10.4-1.26.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.10.4-1.26.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-32bit-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "4.10.4-1.26.1", "arch": "i586", "packageFilename": "mozilla-nspr-debuginfo-4.10.4-1.26.1.i586.rpm", "packageName": "mozilla-nspr-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "4.10.4-1.26.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-debuginfo-32bit-4.10.4-1.26.1.x86_64.rpm", "packageName": "mozilla-nspr-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "libfreebl3-3.15.5-16.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "libsoftokn3-3.15.5-1.32.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "4.10.4-1.26.1", "arch": "i586", "packageFilename": "mozilla-nspr-devel-4.10.4-1.26.1.i586.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-32bit-3.15.5-16.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "4.10.4-8.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-devel-4.10.4-8.1.x86_64.rpm", "packageName": "mozilla-nspr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-debuginfo-3.15.5-16.1.i586.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-28.0-17.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "mozilla-nss-debugsource-3.15.5-1.32.1.i586.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "libsoftokn3-debuginfo-3.15.5-1.32.1.i586.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.15.5-1.32.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.15.5-16.1.i586.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "4.10.4-8.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-debuginfo-4.10.4-8.1.x86_64.rpm", "packageName": "mozilla-nspr-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-32bit-3.15.5-1.32.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "mozilla-nss-3.15.5-1.32.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-28.0-17.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-32bit-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "4.10.4-1.26.1", "arch": "i586", "packageFilename": "mozilla-nspr-debugsource-4.10.4-1.26.1.i586.rpm", "packageName": "mozilla-nspr-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-28.0-17.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-28.0-1.56.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "libfreebl3-3.15.5-1.32.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "i586", "packageFilename": "MozillaFirefox-buildsymbols-28.0-1.56.1.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "4.10.4-8.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-debugsource-4.10.4-8.1.x86_64.rpm", "packageName": "mozilla-nspr-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-3.15.5-1.32.1.i586.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "mozilla-nss-3.15.5-16.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "i586", "packageFilename": "MozillaFirefox-28.0-17.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "mozilla-nss-debuginfo-3.15.5-16.1.i586.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-32bit-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "4.10.4-8.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-4.10.4-8.1.x86_64.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-28.0-1.56.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-28.0-17.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-28.0-1.56.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-debuginfo-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "4.10.4-1.26.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.10.4-1.26.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "4.10.4-8.1", "arch": "i586", "packageFilename": "mozilla-nspr-4.10.4-8.1.i586.rpm", "packageName": "mozilla-nspr", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.15.5-1.32.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-28.0-17.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-28.0-17.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-28.0-17.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-32bit-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.15.5-1.32.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "4.10.4-8.1", "arch": "i586", "packageFilename": "mozilla-nspr-debugsource-4.10.4-8.1.i586.rpm", "packageName": "mozilla-nspr-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-debuginfo-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-28.0-1.56.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-32bit-3.15.5-16.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.15.5-1.32.1.i586.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-28.0-17.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "4.10.4-1.26.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-32bit-4.10.4-1.26.1.x86_64.rpm", "packageName": "mozilla-nspr-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-3.15.5-1.32.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debugsource-3.15.5-16.1.x86_64.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-3.15.5-16.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "28.0-17.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-28.0-17.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.15.5-1.32.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-32bit-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-debuginfo-3.15.5-1.32.1.i586.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "i586", "packageFilename": "libsoftokn3-debuginfo-3.15.5-16.1.i586.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.15.5-1.32.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "i586", "packageFilename": "libfreebl3-debuginfo-3.15.5-1.32.1.i586.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-28.0-1.56.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-28.0-1.56.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.15.5-16.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-3.15.5-16.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.15.5-1.32.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.15.5-1.32.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "28.0-1.56.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-28.0-1.56.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.15.5-16.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "4.10.4-8.1", "arch": "i586", "packageFilename": "mozilla-nspr-debuginfo-4.10.4-8.1.i586.rpm", "packageName": "mozilla-nspr-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "3.15.5-16.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.15.5-16.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "4.10.4-1.26.1", "arch": "x86_64", "packageFilename": "mozilla-nspr-debugsource-4.10.4-1.26.1.x86_64.rpm", "packageName": "mozilla-nspr-debugsource", "operator": "lt"}], "description": "Mozilla Firefox was updated to version 28.0, receiving\n enhancements, bug and security fixes. Mozilla NSPR was\n updated to 4.10.4 receiving enhancements, bug and security\n fixes. Mozilla NSS was updated to 3.15.5 receiving\n enhancements, bug and security fixes.\n\n Changes in MozillaFirefox:\n - update to Firefox 28.0 (bnc#868603)\n * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous\n memory safety hazards\n * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds\n read during WAV file decoding\n * MFSA 2014-18/CVE-2014-1498 (bmo#935618)\n crypto.generateCRMFRequest does not validate type of key\n * MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack\n on WebRTC permission prompt\n * MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload\n and Javascript navigation DOS\n * MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content\n injection from one domain to rendering in another\n * MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content\n Security Policy for data: documents not preserved by\n session restore\n * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information\n disclosure through polygon rendering in MathML\n * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory\n corruption in Cairo during PDF font rendering\n * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters\n information disclosure through feDisplacementMap\n * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906,\n bmo#982909) Privilege escalation using\n WebIDL-implemented APIs\n * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free\n in TypeObject\n * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds\n read/write through neutering ArrayBuffer objects\n * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds\n write through TypedArrayObject after neutering\n - requires NSPR 4.10.3 and NSS 3.15.5\n - new build dependency (and recommends):\n * libpulse\n * JS math correctness issue (bmo#941381)\n\n Changes in mozilla-nspr:\n - update to version 4.10.4\n * bmo#767759: Add support for new x32 abi\n * bmo#844784: Thread data race in PR_EnterMonitor\n * bmo#939786: data race\n nsprpub/pr/src/pthreads/ptthread.c:137 _pt_root\n * bmo#958796: Users of _beginthreadex that set a custom\n stack size may not be getting the behavior they want\n * bmo#963033: AArch64 support update for NSPR\n * bmo#969061: Incorrect end-of-list test when iterating\n over a PRCList in prcountr.c and prtrace.c\n * bmo#971152: IPv6 detection on linux depends on\n availability of /proc/net/if_inet6\n\n - update to version 4.10.3\n * bmo#749849: ensure we'll free the thread-specific data\n key.\n * bmo#941461: don't compile android with unaligned memory\n access.\n * bmo#932398: Add PR_SyncMemMap, a portable version of\n msync/FlushViewOfFile.\n * bmo#952621: Fix a thread-unsafe access to lock-&gt;owner\n in PR_Lock.\n * bmo#957458: Fix several bugs in the lock rank checking\n code.\n * bmo#936320: Use an alternative test for IPv6 support on\n Linux to avoid opening a socket.\n\n Changes in mozilla-nss:\n - update to 3.15.5\n * required for Firefox 28\n * export FREEBL_LOWHASH to get the correct default\n headers (bnc#865539) New functionality\n * Added support for the TLS application layer protocol\n negotiation (ALPN) extension. Two SSL socket options,\n SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to\n control whether NPN or ALPN (or both) should be used\n for application layer protocol negotiation.\n * Added the TLS padding extension. The extension type\n value is 35655, which may change when an official\n extension type value is assigned by IANA. NSS\n automatically adds the padding extension to ClientHello\n when necessary.\n * Added a new macro CERT_LIST_TAIL, defined in certt.h,\n for getting the tail of a CERTCertList. Notable Changes\n * bmo#950129: Improve the OCSP fetching policy when\n verifying OCSP responses\n * bmo#949060: Validate the iov input argument (an array\n of PRIOVec structures) of ssl_WriteV (called via\n PR_Writev). Applications should still take care when\n converting struct iov to PRIOVec because the iov_len\n members of the two structures have different types\n (size_t vs. int). size_t is unsigned and may be larger\n than int.\n\n", "edition": 1, "reporter": "Suse", "published": "2014-03-26T17:04:14", "title": "MozillaFirefox: Update to version 28.0 (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1499"], "modified": "2014-03-26T17:04:14", "id": "OPENSUSE-SU-2014:0448-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:06", "references": ["https://bugzilla.novell.com/861847", "https://bugzilla.novell.com/868603", "https://bugzilla.novell.com/865539", "https://bugzilla.novell.com/862831"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-devel", "packageFilename": "MozillaThunderbird-devel-24.4.0-89.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-translations-common", "packageFilename": "MozillaThunderbird-translations-common-24.4.0-89.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0+24.4.0-89.2", "packageName": "enigmail", "packageFilename": "enigmail-1.6.0+24.4.0-89.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-certs", "packageFilename": "mozilla-nss-certs-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-24.4.0-107.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-translations-other", "packageFilename": "MozillaThunderbird-translations-other-24.4.0-89.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-certs-debuginfo", "packageFilename": "mozilla-nss-certs-debuginfo-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-sysinit-x86", "packageFilename": "mozilla-nss-sysinit-x86-3.15.5-82.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-24.4.0-107.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-24.4.0-107.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-devel", "packageFilename": "MozillaFirefox-devel-24.4.0-107.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-24.4.0-107.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-branding-upstream", "packageFilename": "MozillaFirefox-branding-upstream-24.4.0-107.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-sysinit-debuginfo", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-debuginfo", "packageFilename": "MozillaThunderbird-debuginfo-24.4.0-89.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libsoftokn3-x86", "packageFilename": "libsoftokn3-x86-3.15.5-82.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libsoftokn3-32bit", "packageFilename": "libsoftokn3-32bit-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libsoftokn3", "packageFilename": "libsoftokn3-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-translations-other", "packageFilename": "MozillaThunderbird-translations-other-24.4.0-89.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libsoftokn3", "packageFilename": "libsoftokn3-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libsoftokn3-debuginfo-32bit", "packageFilename": "libsoftokn3-debuginfo-32bit-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr-debuginfo", "packageFilename": "mozilla-nspr-debuginfo-4.10.4-40.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-sysinit", "packageFilename": "mozilla-nss-sysinit-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-debugsource", "packageFilename": "mozilla-nss-debugsource-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0+24.4.0-89.2", "packageName": "enigmail", "packageFilename": "enigmail-1.6.0+24.4.0-89.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-tools-debuginfo", "packageFilename": "mozilla-nss-tools-debuginfo-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-24.4.0-107.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-tools-debuginfo", "packageFilename": "mozilla-nss-tools-debuginfo-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-24.4.0-89.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-24.4.0-107.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libfreebl3-debuginfo", "packageFilename": "libfreebl3-debuginfo-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-certs-debuginfo", "packageFilename": "mozilla-nss-certs-debuginfo-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-translations-common", "packageFilename": "MozillaThunderbird-translations-common-24.4.0-89.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-certs-x86", "packageFilename": "mozilla-nss-certs-x86-3.15.5-82.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-sysinit-debuginfo", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-24.4.0-107.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-24.4.0-107.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr-debuginfo-x86", "packageFilename": "mozilla-nspr-debuginfo-x86-4.10.4-40.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-4.10.4-40.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-sysinit-32bit", "packageFilename": "mozilla-nss-sysinit-32bit-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird", "packageFilename": "MozillaThunderbird-24.4.0-89.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-certs-debuginfo-32bit", "packageFilename": "mozilla-nss-certs-debuginfo-32bit-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-debugsource", "packageFilename": "MozillaThunderbird-debugsource-24.4.0-89.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libsoftokn3-debuginfo-x86", "packageFilename": "libsoftokn3-debuginfo-x86-3.15.5-82.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-translations-common", "packageFilename": "MozillaFirefox-translations-common-24.4.0-107.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-debugsource", "packageFilename": "MozillaThunderbird-debugsource-24.4.0-89.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-debuginfo", "packageFilename": "MozillaThunderbird-debuginfo-24.4.0-89.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-sysinit-debuginfo-32bit", "packageFilename": "mozilla-nss-sysinit-debuginfo-32bit-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libfreebl3-debuginfo", "packageFilename": "libfreebl3-debuginfo-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr-debugsource", "packageFilename": "mozilla-nspr-debugsource-4.10.4-40.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-sysinit", "packageFilename": "mozilla-nss-sysinit-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libfreebl3-32bit", "packageFilename": "libfreebl3-32bit-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-24.4.0-107.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-buildsymbols", "packageFilename": "MozillaThunderbird-buildsymbols-24.4.0-89.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libfreebl3-x86", "packageFilename": "libfreebl3-x86-3.15.5-82.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr-32bit", "packageFilename": "mozilla-nspr-32bit-4.10.4-40.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-24.4.0-107.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-4.10.4-40.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-debugsource", "packageFilename": "mozilla-nss-debugsource-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-buildsymbols", "packageFilename": "MozillaThunderbird-buildsymbols-24.4.0-89.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libfreebl3-debuginfo-x86", "packageFilename": "libfreebl3-debuginfo-x86-3.15.5-82.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-sysinit-debuginfo-x86", "packageFilename": "mozilla-nss-sysinit-debuginfo-x86-3.15.5-82.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr-debuginfo", "packageFilename": "mozilla-nspr-debuginfo-4.10.4-40.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libsoftokn3-debuginfo", "packageFilename": "libsoftokn3-debuginfo-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-certs-debuginfo-x86", "packageFilename": "mozilla-nss-certs-debuginfo-x86-3.15.5-82.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-24.4.0-107.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-debuginfo-x86", "packageFilename": "mozilla-nss-debuginfo-x86-3.15.5-82.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-4.10.4-40.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr-debugsource", "packageFilename": "mozilla-nspr-debugsource-4.10.4-40.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-debuginfo", "packageFilename": "mozilla-nss-debuginfo-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-translations-other", "packageFilename": "MozillaFirefox-translations-other-24.4.0-107.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr-debuginfo-32bit", "packageFilename": "mozilla-nspr-debuginfo-32bit-4.10.4-40.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr-x86", "packageFilename": "mozilla-nspr-x86-4.10.4-40.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libfreebl3-debuginfo-32bit", "packageFilename": "libfreebl3-debuginfo-32bit-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-certs", "packageFilename": "mozilla-nss-certs-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-107.3", "packageName": "MozillaFirefox-buildsymbols", "packageFilename": "MozillaFirefox-buildsymbols-24.4.0-107.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-debuginfo", "packageFilename": "mozilla-nss-debuginfo-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-debuginfo-32bit", "packageFilename": "mozilla-nss-debuginfo-32bit-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.4.0-89.2", "packageName": "MozillaThunderbird-devel", "packageFilename": "MozillaThunderbird-devel-24.4.0-89.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-certs-32bit", "packageFilename": "mozilla-nss-certs-32bit-3.15.5-82.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "4.10.4-40.1", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-4.10.4-40.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "mozilla-nss-x86", "packageFilename": "mozilla-nss-x86-3.15.5-82.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.15.5-82.1", "packageName": "libsoftokn3-debuginfo", "packageFilename": "libsoftokn3-debuginfo-3.15.5-82.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "This patch contains a collection of security relevant\n updates for Mozilla applications.\n\n Update Firefox to 24.4.0 (bnc#868603) Update Thunderbird to\n 24.4.0 Update NSPR to 4.10.4 Update NSS to 3.15.5\n\n * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous\n memory safety hazards\n * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds\n read during WAV file decoding\n * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information\n disclosure through polygon rendering in MathML\n * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory\n corruption in Cairo during PDF font rendering\n * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters\n information disclosure through feDisplacementMap\n * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906,\n bmo#982909) Privilege escalation using\n WebIDL-implemented APIs\n * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free\n in TypeObject\n * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds\n read/write through neutering ArrayBuffer objects\n * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds\n write through TypedArrayObject after neutering\n\n", "edition": 1, "reporter": "Suse", "published": "2014-03-21T23:04:31", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Mozilla updates 2014/03 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1481", "CVE-2014-1487", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1486", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1477", "CVE-2014-1482", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1490", "CVE-2014-1498", "CVE-2014-1480", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1478", "CVE-2014-1485", "CVE-2014-1493", "CVE-2014-1488", "CVE-2014-1491", "CVE-2014-1483", "CVE-2014-1499"], "modified": "2014-03-21T23:04:31", "id": "OPENSUSE-SU-2014:0419-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:58", "references": ["https://bugzilla.novell.com/887746", "https://bugzilla.novell.com/603356", "https://bugzilla.novell.com/750044", "https://bugzilla.novell.com/765204", "https://bugzilla.novell.com/637303", "https://bugzilla.novell.com/861847", "https://bugzilla.novell.com/808243", "https://bugzilla.novell.com/528406", "https://bugzilla.novell.com/664211", "https://bugzilla.novell.com/657016", "https://bugzilla.novell.com/667155", "https://bugzilla.novell.com/771583", "https://bugzilla.novell.com/894201", "https://bugzilla.novell.com/825935", "https://bugzilla.novell.com/642502", "https://bugzilla.novell.com/720264", "https://bugzilla.novell.com/41903", "https://bugzilla.novell.com/104586", "https://bugzilla.novell.com/737533", "https://bugzilla.novell.com/881874", "https://bugzilla.novell.com/503151", "https://bugzilla.novell.com/726758", "https://bugzilla.novell.com/868603", "https://bugzilla.novell.com/593807", "https://bugzilla.novell.com/649492", "https://bugzilla.novell.com/622506", "https://bugzilla.novell.com/576969", "https://bugzilla.novell.com/796895", "https://bugzilla.novell.com/689281", "https://bugzilla.novell.com/354469", "https://bugzilla.novell.com/840485", "https://bugzilla.novell.com/847708", "https://bugzilla.novell.com/701296", "https://bugzilla.novell.com/744275", "https://bugzilla.novell.com/385739", "https://bugzilla.novell.com/790140", "https://bugzilla.novell.com/894370", "https://bugzilla.novell.com/529180", "https://bugzilla.novell.com/417869", "https://bugzilla.novell.com/429179", "https://bugzilla.novell.com/747328", "https://bugzilla.novell.com/712224", "https://bugzilla.novell.com/758408", "https://bugzilla.novell.com/559819", "https://bugzilla.novell.com/441084", "https://bugzilla.novell.com/455804", "https://bugzilla.novell.com/876833", "https://bugzilla.novell.com/804248", "https://bugzilla.novell.com/390992", "https://bugzilla.novell.com/819204", "https://bugzilla.novell.com/733002", "https://bugzilla.novell.com/777588", "https://bugzilla.novell.com/854370", "https://bugzilla.novell.com/484321", "https://bugzilla.novell.com/786522", "https://bugzilla.novell.com/582276", "https://bugzilla.novell.com/527418", "https://bugzilla.novell.com/732898", "https://bugzilla.novell.com/755060", "https://bugzilla.novell.com/714931", "https://bugzilla.novell.com/749440", "https://bugzilla.novell.com/833389", "https://bugzilla.novell.com/783533", "https://bugzilla.novell.com/728520", "https://bugzilla.novell.com/813026", "https://bugzilla.novell.com/439841", "https://bugzilla.novell.com/746616", "https://bugzilla.novell.com/518603", "https://bugzilla.novell.com/542809", "https://bugzilla.novell.com/645315", "https://bugzilla.novell.com/875378", "https://bugzilla.novell.com/586567"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libfreebl3-3.16.4-94.1.i586.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-other-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-tools", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libsoftokn3-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libsoftokn3-x86-3.16.4-94.1.ia64.rpm", "packageName": "libsoftokn3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-sysinit-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-other-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-translations-other", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-certs-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-certs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-buildsymbols-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-sysinit-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-sysinit-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libfreebl3-x86-3.16.4-94.1.ia64.rpm", "packageName": "libfreebl3-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-certs-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-certs-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libfreebl3-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "libfreebl3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libfreebl3-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "libfreebl3-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-certs-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-certs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "libsoftokn3-3.16.4-94.1.i586.rpm", "packageName": "libsoftokn3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-tools-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-debugsource-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-branding-upstream-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-devel-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-tools-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-tools-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-buildsymbols-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-buildsymbols", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-common-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-debugsource-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-branding-upstream-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-branding-upstream", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libfreebl3-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libfreebl3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "libsoftokn3-debuginfo-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "libsoftokn3-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-debuginfo-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "mozilla-nss-certs-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "mozilla-nss-certs-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "ia64", "packageFilename": "libsoftokn3-debuginfo-x86-3.16.4-94.1.ia64.rpm", "packageName": "libsoftokn3-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-common-24.8.0-127.1.x86_64.rpm", "packageName": "MozillaFirefox-translations-common", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "24.8.0-127.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-24.8.0-127.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-devel-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "i586", "packageFilename": "mozilla-nss-sysinit-3.16.4-94.1.i586.rpm", "packageName": "mozilla-nss-sysinit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "3.16.4-94.1", "arch": "x86_64", "packageFilename": "mozilla-nss-sysinit-32bit-3.16.4-94.1.x86_64.rpm", "packageName": "mozilla-nss-sysinit-32bit", "operator": "lt"}], "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit &quot;Entrust.net Secure Server Certification\n Authority&quot; root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the &quot;USERTrust Legacy Secure Server CA&quot;\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "edition": 1, "reporter": "Suse", "published": "2014-09-09T18:04:16", "title": "Firefox update to 31.1esr (important)", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2014-1505", "CVE-2014-1536", "CVE-2011-0061", "CVE-2011-0077", "CVE-2014-1513", "CVE-2012-0478", "CVE-2012-4193", "CVE-2012-0442", "CVE-2013-5601", "CVE-2013-1687", "CVE-2013-5612", "CVE-2013-1692", "CVE-2010-0654", "CVE-2012-1962", "CVE-2013-0743", "CVE-2012-0443", "CVE-2012-5842", "CVE-2012-4212", "CVE-2013-5595", "CVE-2010-0176", "CVE-2014-1530", "CVE-2011-0083", "CVE-2010-1203", "CVE-2013-1737", "CVE-2012-4214", "CVE-2008-1236", "CVE-2013-5611", "CVE-2012-1970", "CVE-2008-3835", "CVE-2013-1709", "CVE-2007-3738", "CVE-2012-3989", "CVE-2013-5616", "CVE-2013-1678", "CVE-2010-2762", "CVE-2012-5830", "CVE-2013-0763", "CVE-2014-1510", "CVE-2011-3026", "CVE-2012-0460", "CVE-2013-5613", "CVE-2012-1973", "CVE-2014-1522", "CVE-2011-3654", "CVE-2014-1567", "CVE-2012-1974", "CVE-2010-2766", "CVE-2012-4195", "CVE-2012-3986", "CVE-2013-0783", "CVE-2007-3734", "CVE-2011-2371", "CVE-2014-1481", "CVE-2013-1670", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2013-1719", "CVE-2012-3968", "CVE-2013-1725", "CVE-2012-3963", "CVE-2014-1539", "CVE-2010-0174", "CVE-2012-0452", "CVE-2013-1735", "CVE-2012-1956", "CVE-2014-1487", "CVE-2012-3978", "CVE-2012-3985", "CVE-2013-0746", "CVE-2012-5829", "CVE-2009-1571", "CVE-2012-1944", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2014-1538", "CVE-2012-4213", "CVE-2013-1685", "CVE-2012-0479", "CVE-2013-5609", "CVE-2007-3737", "CVE-2013-0766", "CVE-2007-3736", "CVE-2012-1940", "CVE-2013-1697", "CVE-2014-1484", "CVE-2014-1525", "CVE-2012-3993", "CVE-2013-5619", "CVE-2012-5837", "CVE-2008-5500", "CVE-2012-5836", "CVE-2014-1509", "CVE-2009-0772", "CVE-2013-0787", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2014-1494", "CVE-2014-1559", "CVE-2013-0747", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2014-1537", "CVE-2013-1694", "CVE-2014-1523", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2013-5615", "CVE-2013-1680", "CVE-2012-3962", "CVE-2012-0459", "CVE-2011-2362", "CVE-2014-1529", "CVE-2013-1724", "CVE-2010-1213", "CVE-2013-5597", "CVE-2012-5843", "CVE-2014-1543", "CVE-2014-1486", "CVE-2011-0085", "CVE-2013-5590", "CVE-2008-5510", "CVE-2011-0080", "CVE-2013-0780", "CVE-2008-5502", "CVE-2010-3765", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2008-1237", "CVE-2013-1720", "CVE-2008-4070", "CVE-2013-0748", "CVE-2012-4183", "CVE-2010-3178", "CVE-2013-1679", "CVE-2007-3285", "CVE-2013-5610", "CVE-2013-0768", "CVE-2011-3661", "CVE-2012-4181", "CVE-2014-1532", "CVE-2013-6671", "CVE-2009-0040", "CVE-2011-3652", "CVE-2013-0755", "CVE-2008-4067", "CVE-2014-1548", "CVE-2011-2364", "CVE-2014-1531", "CVE-2013-0752", "CVE-2012-4186", "CVE-2014-1508", "CVE-2012-1948", "CVE-2008-5012", "CVE-2012-1938", "CVE-2013-0796", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2014-1502", "CVE-2013-1723", "CVE-2013-0782", "CVE-2012-1953", "CVE-2012-1949", "CVE-2014-1542", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3169", "CVE-2012-3970", "CVE-2011-0053", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2010-3768", "CVE-2014-1477", "CVE-2013-0800", "CVE-2010-1212", "CVE-2013-1681", "CVE-2010-1211", "CVE-2010-1121", "CVE-2013-0773", "CVE-2013-0754", "CVE-2010-3167", "CVE-2012-4202", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2014-1540", "CVE-2014-1534", "CVE-2012-1941", "CVE-2013-1738", "CVE-2014-1482", "CVE-2014-1479", "CVE-2008-4066", "CVE-2008-5018", "CVE-2012-3984", "CVE-2014-1504", "CVE-2012-0444", "CVE-2011-3650", "CVE-2014-1511", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2012-4182", "CVE-2008-1233", "CVE-2012-4187", "CVE-2012-3983", "CVE-2011-0062", "CVE-2008-0016", "CVE-2011-3101", "CVE-2010-3168", "CVE-2013-0788", "CVE-2013-1728", "CVE-2014-1545", "CVE-2010-0173", "CVE-2012-0472", "CVE-2013-5592", "CVE-2013-1730", "CVE-2008-4059", "CVE-2010-2764", "CVE-2014-1492", "CVE-2011-0081", "CVE-2009-0771", "CVE-2007-3670", "CVE-2012-1954", "CVE-2009-0774", "CVE-2014-1556", "CVE-2012-0461", "CVE-2011-2376", "CVE-2012-3958", "CVE-2012-0469", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-1512", "CVE-2012-1975", "CVE-2011-0075", "CVE-2013-1690", "CVE-2012-0464", "CVE-2013-0775", "CVE-2012-1967", "CVE-2013-5604", "CVE-2014-1514", "CVE-2010-3166", "CVE-2011-0074", "CVE-2013-0801", "CVE-2012-3956", "CVE-2010-2769", "CVE-2012-3982", "CVE-2009-3555", "CVE-2013-1714", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-5021", "CVE-2008-5017", "CVE-2013-0769", "CVE-2012-3966", "CVE-2013-0771", "CVE-2014-1490", "CVE-2012-5839", "CVE-2013-0757", "CVE-2014-1498", "CVE-2012-1961", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2014-1565", "CVE-2012-3967", "CVE-2013-0749", "CVE-2011-3651", "CVE-2008-4060", "CVE-2007-3656", "CVE-2008-1234", "CVE-2012-1951", "CVE-2012-0475", "CVE-2014-1555", "CVE-2014-1564", "CVE-2012-1952", "CVE-2010-1201", "CVE-2013-0761", "CVE-2013-1669", "CVE-2010-1585", "CVE-2012-3959", "CVE-2012-0455", "CVE-2014-1558", "CVE-2011-0084", "CVE-2012-0759", "CVE-2007-3089", "CVE-2014-1519", "CVE-2013-1701", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2013-1684", "CVE-2008-4058", "CVE-2012-4184", "CVE-2012-0447", "CVE-2014-1547", "CVE-2011-3232", "CVE-2012-4205", "CVE-2014-1480", "CVE-2014-1500", "CVE-2011-0069", "CVE-2013-6630", "CVE-2008-5022", "CVE-2008-5512", "CVE-2014-1497", "CVE-2013-5596", "CVE-2012-3992", "CVE-2008-1235", "CVE-2013-1676", "CVE-2013-0789", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2013-1675", "CVE-2014-1478", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2012-1960", "CVE-2012-0445", "CVE-2012-0462", "CVE-2012-4217", "CVE-2013-1686", "CVE-2013-0745", "CVE-2013-0756", "CVE-2012-4218", "CVE-2013-0760", "CVE-2011-2377", "CVE-2014-1485", "CVE-2014-1493", "CVE-2007-3735", "CVE-2011-3000", "CVE-2010-2765", "CVE-2014-1544", "CVE-2010-2767", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2013-0767", "CVE-2010-3182", "CVE-2009-0776", "CVE-2013-5603", "CVE-2012-1959", "CVE-2011-2363", "CVE-2011-0070", "CVE-2013-1682", "CVE-2012-1947", "CVE-2013-6673", "CVE-2013-1674", "CVE-2013-0762", "CVE-2014-1562", "CVE-2010-3170", "CVE-2011-3005", "CVE-2012-4208", "CVE-2011-3658", "CVE-2014-1541", "CVE-2011-2373", "CVE-2008-5511", "CVE-2011-2992", "CVE-2014-1488", "CVE-2012-1957", "CVE-2012-1958", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2014-1552", "CVE-2010-3183", "CVE-2010-1202", "CVE-2012-0468", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-1549", "CVE-2013-1713", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2008-4061", "CVE-2013-5591", "CVE-2010-1199", "CVE-2012-4204", "CVE-2013-5602", "CVE-2011-2985", "CVE-2012-4192", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2013-0774", "CVE-2008-5024", "CVE-2013-0753", "CVE-2012-5833", "CVE-2014-1557", "CVE-2013-1736", "CVE-2014-1526", "CVE-2013-0776", "CVE-2012-3964", "CVE-2013-5593", "CVE-2014-1550", "CVE-2013-1718", "CVE-2012-5841", "CVE-2014-1533", "CVE-2013-1717", "CVE-2010-2754", "CVE-2008-5507", "CVE-2012-3990", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2008-4065", "CVE-2013-1693", "CVE-2010-2760", "CVE-2013-0750", "CVE-2012-1937", "CVE-2014-1560", "CVE-2012-4215", "CVE-2013-6629", "CVE-2012-0463", "CVE-2013-1677", "CVE-2011-2991", "CVE-2013-0770", "CVE-2013-0793", "CVE-2012-4179", "CVE-2011-3001", "CVE-2014-1483", "CVE-2014-1489", "CVE-2011-3062", "CVE-2012-0477", "CVE-2013-1722", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2013-1710", "CVE-2012-0467", "CVE-2012-0458", "CVE-2013-0758", "CVE-2013-5600", "CVE-2010-2752", "CVE-2014-1499", "CVE-2014-1518", "CVE-2012-0471", "CVE-2012-3961", "CVE-2014-1561", "CVE-2012-3971", "CVE-2013-0764", "CVE-2014-1528", "CVE-2013-5618", "CVE-2011-0072"], "modified": "2014-09-09T18:04:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "id": "OPENSUSE-SU-2014:1100-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:51", "references": ["https://www.mozilla.org/security/announce/2014/mfsa2014-21.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-28.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-31.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-18.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-22.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-23.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-24.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-26.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-16.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-27.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-15.html", "http://www.mozilla.org/security/known-vulnerabilities/", "https://www.mozilla.org/security/announce/2014/mfsa2014-25.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-30.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-17.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-19.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-32.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-20.html", "https://www.mozilla.org/security/announce/2014/mfsa2014-29.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "24.4.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "28.0,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-firefox", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "24.4.0,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox-esr", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.25", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "24.4.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "thunderbird", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.25", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-seamonkey", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "28.0,1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "firefox", "operator": "lt"}], "description": "\nThe Mozilla Project reports:\n\nMFSA 2014-15 Miscellaneous memory safety hazards\n\t (rv:28.0 / rv:24.4)\nMFSA 2014-16 Files extracted during updates are not always\n\t read only\nMFSA 2014-17 Out of bounds read during WAV file decoding\nMFSA 2014-18 crypto.generateCRMFRequest does not validate\n\t type of key\nMFSA 2014-19 Spoofing attack on WebRTC permission prompt\nMFSA 2014-20 onbeforeunload and Javascript navigation DOS\nMFSA 2014-21 Local file access via Open Link in new tab\nMFSA 2014-22 WebGL content injection from one domain to\n\t rendering in another\nMFSA 2014-23 Content Security Policy for data: documents\n\t not preserved by session restore\nMFSA 2014-24 Android Crash Reporter open to manipulation\nMFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable\n\t to relative path escape\nMFSA 2014-26 Information disclosure through polygon\n\t rendering in MathML\nMFSA 2014-27 Memory corruption in Cairo during PDF font\n\t rendering\nMFSA 2014-28 SVG filters information disclosure through\n\t feDisplacementMap\nMFSA 2014-29 Privilege escalation using WebIDL-implemented\n\t APIs\nMFSA 2014-30 Use-after-free in TypeObject\nMFSA 2014-31 Out-of-bounds read/write through neutering\n\t ArrayBuffer objects\nMFSA 2014-32 Out-of-bounds write through TypedArrayObject\n\t after neutering\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2014-03-19T00:00:00", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1507", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1501", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1506", "CVE-2014-1496", "CVE-2014-1499"], "modified": "2014-03-20T00:00:00", "id": "610DE647-AF8D-11E3-A25B-B4B52FCE4CE8", "href": "https://vuxml.freebsd.org/freebsd/610de647-af8d-11e3-a25b-b4b52fce4ce8.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:54", "references": ["https://vulners.com/securityvulns/securityvulns:doc:30393", "https://vulners.com/securityvulns/securityvulns:doc:30375", "https://vulners.com/securityvulns/securityvulns:doc:30385"], "description": "Buffer overflows, memory corruptions, information leakage, privilege escalation, protection bypass, unauthorized access, interface spoofing.", "edition": 1, "reporter": "MOZILLA", "published": "2014-03-27T00:00:00", "title": "Mozilla Firefox / Thunderbird / Seamonkey / nss multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:54", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1484", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1516", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1507", "CVE-2014-1492", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1515", "CVE-2014-1501", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1506", "CVE-2014-1496", "CVE-2014-1499"], "modified": "2014-03-27T00:00:00", "id": "SECURITYVULNS:VULN:13621", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13621", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:40", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5603", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5599", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1480", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5369", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1494", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1499", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0817", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1567", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1540", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1536", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5596", "https://bugs.gentoo.org/show_bug.cgi?id=541316", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1488", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5591", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5590", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1526", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1491", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1498", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1508", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1514", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5592", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1576", "https://bugs.gentoo.org/show_bug.cgi?id=512896", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1544", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1594", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5616", "https://bugs.gentoo.org/show_bug.cgi?id=489796", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5593", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1568", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1557", "https://bugs.gentoo.org/show_bug.cgi?id=509050", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1493", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1574", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1497", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5604", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1531", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1565", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1577", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6672", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1550", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1584", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1534", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5612", "https://bugs.gentoo.org/show_bug.cgi?id=491234", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5614", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1542", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1487", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6673", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1541", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1524", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1485", "https://bugs.gentoo.org/show_bug.cgi?id=525474", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1562", "https://bugs.gentoo.org/show_bug.cgi?id=523652", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5609", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1580", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1585", "https://bugs.gentoo.org/show_bug.cgi?id=531408", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1586", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1533", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1543", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1587", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5618", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1525", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5613", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1589", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5619", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1529", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1537", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5602", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1513", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5601", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1481", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1523", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1575", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1477", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5597", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1502", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1578", "https://bugs.gentoo.org/show_bug.cgi?id=500320", "https://bugs.gentoo.org/show_bug.cgi?id=505072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1532", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6671", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5598", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1512", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1518", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0818", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1496", "https://bugs.gentoo.org/show_bug.cgi?id=544056", "https://bugs.gentoo.org/show_bug.cgi?id=536564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5600", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1591", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5615", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1483", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8632", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1545", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1510", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1563", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1581", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1590", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1504", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1592", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1582", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1520", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5595", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1505", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1552", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1539", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8631", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1490", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5610", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1489", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1553", "https://bugs.gentoo.org/show_bug.cgi?id=493850", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1511", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1522", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1519", "https://bugs.gentoo.org/show_bug.cgi?id=522020", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1482", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1530", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1538", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1558", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1593", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832", "https://bugs.gentoo.org/show_bug.cgi?id=517876", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1509", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1559", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1486", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1583", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1588", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1492"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox-bin", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.10.6", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-libs/nspr", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "mail-client/thunderbird-bin", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.33.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "31.5.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.33.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/seamonkey-bin", "operator": "lt"}], "edition": 1, "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-31.5.3\"\n \n\nAll firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-31.5.3\"\n \n\nAll thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-31.5.0\"\n \n\nAll thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-31.5.0\"\n \n\nAll seamonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.33.1\"\n \n\nAll seamonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.33.1\"\n \n\nAll nspr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nspr-4.10.6\"", "reporter": "Gentoo Foundation", "published": "2015-04-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "modified": "2015-04-08T00:00:00", "id": "GLSA-201504-01", "href": "https://security.gentoo.org/glsa/201504-01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}