Vulnerabilities > CVE-2010-3173 - Cryptographic Issues vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mozilla
CWE-310
nessus

Summary

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Vulnerable Configurations

Part Description Count
Application
Mozilla
275

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-211.NASL
    descriptionSecurity issues were identified and fixed in mozilla-thunderbird : The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (CVE-2010-3173). Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-3174, CVE-2010-3175, CVE-2010-3176). Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document (CVE-2010-3178). Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method (CVE-2010-3179). Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window (CVE-2010-3180). A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-3182). The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted HTML document (CVE-2010-3183). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id50315
    published2010-10-24
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50315
    titleMandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:211)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2010:211. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(50315);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:53");
    
      script_cve_id("CVE-2010-3173", "CVE-2010-3174", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183");
      script_bugtraq_id(44243, 44245, 44246, 44247, 44248, 44249, 44251, 44252);
      script_xref(name:"MDVSA", value:"2010:211");
    
      script_name(english:"Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:211)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security issues were identified and fixed in mozilla-thunderbird :
    
    The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x
    before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
    SeaMonkey before 2.0.9 does not properly set the minimum key length
    for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
    remote attackers to defeat cryptographic protection mechanisms via a
    brute-force attack (CVE-2010-3173).
    
    Unspecified vulnerability in the browser engine in Mozilla Firefox
    3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before
    2.0.9 allows remote attackers to cause a denial of service (memory
    corruption and application crash) or possibly execute arbitrary code
    via unknown vectors (CVE-2010-3174, CVE-2010-3175, CVE-2010-3176).
    
    Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
    before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not
    properly handle certain modal calls made by javascript: URLs in
    circumstances related to opening a new window and performing
    cross-domain navigation, which allows remote attackers to bypass the
    Same Origin Policy via a crafted HTML document (CVE-2010-3178).
    
    Stack-based buffer overflow in the text-rendering functionality in
    Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
    before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows
    remote attackers to execute arbitrary code or cause a denial of
    service (memory corruption and application crash) via a long argument
    to the document.write method (CVE-2010-3179).
    
    Use-after-free vulnerability in the nsBarProp function in Mozilla
    Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before
    3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote
    attackers to execute arbitrary code by accessing the locationbar
    property of a closed window (CVE-2010-3180).
    
    A certain application-launch script in Mozilla Firefox before 3.5.14
    and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before
    3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length
    directory name in the LD_LIBRARY_PATH, which allows local users to
    gain privileges via a Trojan horse shared library in the current
    working directory (CVE-2010-3182).
    
    The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and
    3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5,
    and SeaMonkey before 2.0.9 does not properly support
    window.__lookupGetter__ function calls that lack arguments, which
    allows remote attackers to execute arbitrary code or cause a denial of
    service (incorrect pointer dereference and application crash) via a
    crafted HTML document (CVE-2010-3183).
    
    Packages for 2009.0 are provided as of the Extended Maintenance
    Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4
    90
    
    Additionally, some packages which require so, have been rebuilt and
    are being provided as updates."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozillamessaging.com/en-US/thunderbird/3.0.9/releasenotes/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-af");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-be");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-da");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et_EE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-he");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-id");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-is");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ka");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pa_IN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-si");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nsinstall");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-af-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ar-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-be-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-bg-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ca-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-cs-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-da-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-de-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-el-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-en_GB-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ar-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ca-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-cs-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-de-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-el-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-es-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-fi-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-fr-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-hu-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-it-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ja-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ko-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-nb-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-nl-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-pl-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-pt-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-pt_BR-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ru-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-sl-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-sv-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-tr-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-zh_CN-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-zh_TW-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-es_AR-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-es_ES-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-et-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-et_EE-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-eu-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-fi-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-fr-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-fy-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ga-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-gl-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-he-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-hu-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-id-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-is-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-it-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ja-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ka-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ko-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-lt-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-nb_NO-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-nl-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-nn_NO-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pa_IN-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pl-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pt_BR-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pt_PT-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ro-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ru-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-si-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sk-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sq-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sr-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sv_SE-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-tr-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-uk-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-vi-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-zh_CN-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-zh_TW-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"nsinstall-3.0.9-0.1mdv2009.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-af-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ar-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-be-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-bg-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ca-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-cs-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-da-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-de-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-el-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-en_GB-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ar-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ca-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-cs-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-de-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-el-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-es-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-fi-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-fr-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-hu-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-it-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ja-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ko-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-nb-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-nl-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-pl-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-pt-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-pt_BR-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ru-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-sl-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-sv-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-tr-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-zh_CN-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-zh_TW-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-es_AR-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-es_ES-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-et-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-et_EE-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-eu-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-fi-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-fr-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-fy-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ga-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-gl-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-he-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-hu-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-id-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-is-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-it-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ja-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ka-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ko-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-lt-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-nb_NO-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-nl-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-nn_NO-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pa_IN-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pl-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pt_BR-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pt_PT-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ro-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ru-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-si-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sk-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sq-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sr-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sv_SE-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-tr-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-uk-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-vi-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-zh_CN-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-zh_TW-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"nsinstall-3.0.9-0.1mdv2010.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-af-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ar-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-be-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-bg-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ca-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-cs-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-da-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-de-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-el-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-en_GB-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ar-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ca-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-cs-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-de-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-el-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-es-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-fi-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-fr-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-hu-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-it-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ja-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ko-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-nb-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-nl-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pl-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pt-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pt_BR-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ru-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-sl-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-sv-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-tr-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-zh_CN-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-zh_TW-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-es_AR-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-es_ES-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-et-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-et_EE-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-eu-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fi-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fr-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fy-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ga-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-gl-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-he-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-hu-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-id-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-is-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-it-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ja-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ka-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ko-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-lt-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nb_NO-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nl-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nn_NO-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pa_IN-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pl-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pt_BR-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pt_PT-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ro-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ru-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-si-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sk-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sq-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sr-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sv_SE-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-tr-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-uk-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-vi-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-zh_CN-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-zh_TW-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"nsinstall-3.0.9-0.1mdv2010.1", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2011-0013.NASL
    descriptiona. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id56665
    published2011-10-28
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56665
    titleVMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0782.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180) A flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-3178) A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a
    last seen2020-06-01
    modified2020-06-02
    plugin id50793
    published2010-11-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50793
    titleCentOS 4 / 5 : firefox (CESA-2010:0782)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C4F067B9DC4A11DF8E32000F20797EDE.NASL
    descriptionThe Mozilla Project reports : MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14) MFSA 2010-65 Buffer overflow and memory corruption using document.write MFSA 2010-66 Use-after-free error in nsBarProp MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter MFSA 2010-68 XSS in gopher parser when parsing hrefs MFSA 2010-69 Cross-site information disclosure via modal calls MFSA 2010-70 SSL wildcard certificate matching IP addresses MFSA 2010-71 Unsafe library loading vulnerabilities MFSA 2010-72 Insecure Diffie-Hellman key exchange
    last seen2020-06-01
    modified2020-06-02
    plugin id50074
    published2010-10-21
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50074
    titleFreeBSD : mozilla -- multiple vulnerabilities (c4f067b9-dc4a-11df-8e32-000f20797ede)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_309.NASL
    descriptionThe installed version of Thunderbird is earlier than 3.0.9. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64) - By passing an excessively long string to
    last seen2020-06-01
    modified2020-06-02
    plugin id50086
    published2010-10-21
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50086
    titleMozilla Thunderbird < 3.0.9 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-210.NASL
    descriptionSecurity issues were identified and fixed in firefox : Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject
    last seen2020-06-01
    modified2020-06-02
    plugin id50314
    published2010-10-24
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50314
    titleMandriva Linux Security Advisory : firefox (MDVSA-2010:210)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0782.NASL
    descriptionFrom Red Hat Security Advisory 2010:0782 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180) A flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-3178) A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a
    last seen2020-06-01
    modified2020-06-02
    plugin id68121
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68121
    titleOracle Linux 4 / 5 : firefox (ELSA-2010-0782)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3611.NASL
    descriptionThe installed version of Firefox 3.6 is earlier than 3.6.11. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64) - By passing an excessively long string to
    last seen2020-06-01
    modified2020-06-02
    plugin id50085
    published2010-10-21
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50085
    titleFirefox 3.6 < 3.6.11 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3514.NASL
    descriptionThe installed version of Firefox is earlier than 3.5.14. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64) - By passing an excessively long string to
    last seen2020-06-01
    modified2020-06-02
    plugin id50084
    published2010-10-21
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50084
    titleFirefox < 3.5.14 Multiple Vulnerabilities
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2011-0013_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id89681
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89681
    titleVMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0781.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3176, CVE-2010-3180) A flaw was found in the way the Gopher parser in SeaMonkey converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running SeaMonkey, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH variable was appending a
    last seen2020-06-01
    modified2020-06-02
    plugin id50792
    published2010-11-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50792
    titleCentOS 3 / 4 : seamonkey (CESA-2010:0781)
  • NASL familyWindows
    NASL idSEAMONKEY_209.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.0.9. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64) - By passing an excessively long string to
    last seen2020-06-01
    modified2020-06-02
    plugin id50088
    published2010-10-21
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50088
    titleSeaMonkey < 2.0.9 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20101019_SEAMONKEY_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3176, CVE-2010-3180) A flaw was found in the way the Gopher parser in SeaMonkey converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running SeaMonkey, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH variable was appending a
    last seen2020-06-01
    modified2020-06-02
    plugin id60872
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60872
    titleScientific Linux Security Update : seamonkey on SL4.x i386/x86_64
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1007-1.NASL
    descriptionRichard Moore discovered that NSS would sometimes incorrectly match an SSL certificate which had a Common Name that used a wildcard followed by a partial IP address. While it is very unlikely that a Certificate Authority would issue such a certificate, if an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2010-3170) Nelson Bolyard discovered a weakness in the Diffie-Hellman Ephemeral mode (DHE) key exchange implementation which allowed servers to use a too small key length. (CVE-2010-3173). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50081
    published2010-10-21
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50081
    titleUbuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : nss vulnerabilities (USN-1007-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0782.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180) A flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-3178) A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a
    last seen2020-06-01
    modified2020-06-02
    plugin id50040
    published2010-10-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50040
    titleRHEL 4 / 5 : firefox (RHSA-2010:0782)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0781.NASL
    descriptionFrom Red Hat Security Advisory 2010:0781 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3176, CVE-2010-3180) A flaw was found in the way the Gopher parser in SeaMonkey converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running SeaMonkey, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH variable was appending a
    last seen2020-06-01
    modified2020-06-02
    plugin id68120
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68120
    titleOracle Linux 3 / 4 : seamonkey (ELSA-2010-0781)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20101019_FIREFOX_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180) A flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-3178) A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a
    last seen2020-06-01
    modified2020-06-02
    plugin id60870
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60870
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0781.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3176, CVE-2010-3180) A flaw was found in the way the Gopher parser in SeaMonkey converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running SeaMonkey, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH variable was appending a
    last seen2020-06-01
    modified2020-06-02
    plugin id50039
    published2010-10-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50039
    titleRHEL 3 / 4 : seamonkey (RHSA-2010:0781)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_315.NASL
    descriptionThe installed version of Thunderbird 3.1 is earlier than 3.1.5. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64) - By passing an excessively long string to
    last seen2020-06-01
    modified2020-06-02
    plugin id50087
    published2010-10-21
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50087
    titleMozilla Thunderbird 3.1 < 3.1.5 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2123.NASL
    descriptionSeveral vulnerabilities have been discovered in Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id50452
    published2010-11-03
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50452
    titleDebian DSA-2123-1 : nss - several vulnerabilities

Oval

accepted2014-10-06T04:00:32.499-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • namePreeti Subramanian
    organizationSecPod Technologies
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
descriptionThe SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
familywindows
idoval:org.mitre.oval:def:12118
statusaccepted
submitted2010-10-26T10:19:56
titleVulnerability in SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
version41

Redhat

advisories
  • rhsa
    idRHSA-2010:0781
  • rhsa
    idRHSA-2010:0782
rpms
  • seamonkey-0:1.0.9-0.61.el3
  • seamonkey-0:1.0.9-64.el4
  • seamonkey-chat-0:1.0.9-0.61.el3
  • seamonkey-chat-0:1.0.9-64.el4
  • seamonkey-debuginfo-0:1.0.9-0.61.el3
  • seamonkey-debuginfo-0:1.0.9-64.el4
  • seamonkey-devel-0:1.0.9-0.61.el3
  • seamonkey-devel-0:1.0.9-64.el4
  • seamonkey-dom-inspector-0:1.0.9-0.61.el3
  • seamonkey-dom-inspector-0:1.0.9-64.el4
  • seamonkey-js-debugger-0:1.0.9-0.61.el3
  • seamonkey-js-debugger-0:1.0.9-64.el4
  • seamonkey-mail-0:1.0.9-0.61.el3
  • seamonkey-mail-0:1.0.9-64.el4
  • seamonkey-nspr-0:1.0.9-0.61.el3
  • seamonkey-nspr-devel-0:1.0.9-0.61.el3
  • seamonkey-nss-0:1.0.9-0.61.el3
  • seamonkey-nss-devel-0:1.0.9-0.61.el3
  • firefox-0:3.6.11-2.el4
  • firefox-0:3.6.11-2.el5
  • firefox-debuginfo-0:3.6.11-2.el4
  • firefox-debuginfo-0:3.6.11-2.el5
  • nss-0:3.12.8-1.el4
  • nss-0:3.12.8-1.el5
  • nss-debuginfo-0:3.12.8-1.el4
  • nss-debuginfo-0:3.12.8-1.el5
  • nss-devel-0:3.12.8-1.el4
  • nss-devel-0:3.12.8-1.el5
  • nss-pkcs11-devel-0:3.12.8-1.el5
  • nss-tools-0:3.12.8-1.el4
  • nss-tools-0:3.12.8-1.el5
  • xulrunner-0:1.9.2.11-2.el5
  • xulrunner-debuginfo-0:1.9.2.11-2.el5
  • xulrunner-devel-0:1.9.2.11-2.el5