Vulnerabilities > CVE-2010-3765 - Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description Firefox Memory Corruption Proof of Concept (Simplified). CVE-2010-3765. Dos exploits for multiple platform file exploits/multiple/dos/15342.html id EDB-ID:15342 last seen 2016-02-01 modified 2010-10-28 platform multiple port published 2010-10-28 reporter extraexploit source https://www.exploit-db.com/download/15342/ title Firefox Memory Corruption Proof of Concept Simplified type dos description Firefox 3.6.8 - 3.6.11 Interleaving document.write and appendChild Exploit (From the Wild). CVE-2010-3765. Remote exploit for windows platform file exploits/windows/remote/15352.html id EDB-ID:15352 last seen 2016-02-01 modified 2010-10-29 platform windows port published 2010-10-29 reporter Unknown source https://www.exploit-db.com/download/15352/ title Firefox 3.6.8 - 3.6.11 Interleaving document.write and appendChild Exploit From the Wild type remote description Mozilla Firefox Interleaving document.write and appendChild Exploit. CVE-2010-3765. Remote exploit for windows platform id EDB-ID:16509 last seen 2016-02-02 modified 2011-02-22 published 2011-02-22 reporter metasploit source https://www.exploit-db.com/download/16509/ title Mozilla Firefox Interleaving document.write and appendChild Exploit description Firefox Interleaving document.write and appendChild Denial of Service. CVE-2010-3765. Dos exploits for multiple platform file exploits/multiple/dos/15341.html id EDB-ID:15341 last seen 2016-02-01 modified 2010-10-28 platform multiple port published 2010-10-28 reporter Daniel Veditz source https://www.exploit-db.com/download/15341/ title Firefox Interleaving document.write and appendChild Denial of Service type dos
Metasploit
description | This module exploits a code execution vulnerability in Mozilla Firefox caused by interleaved calls to document.write and appendChild. This module was written based on a live exploit found in the wild. |
id | MSF:EXPLOIT/WINDOWS/BROWSER/MOZILLA_INTERLEAVED_WRITE |
last seen | 2020-06-10 |
modified | 2017-10-05 |
published | 2011-02-18 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/mozilla_interleaved_write.rb |
title | Mozilla Firefox Interleaved document.write/appendChild Memory Corruption |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLAFIREFOX-101029.NASL description This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. - Memory safety bugs - Firefox 3.6, Firefox 3.5 - CVE-2010-3176 Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. - Memory safety bugs - Firefox 3.6 - CVE-2010-3175 MFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim last seen 2020-06-01 modified 2020-06-02 plugin id 75648 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75648 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update MozillaFirefox-3422. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75648); script_version("1.3"); script_cvs_date("Date: 2019/10/25 13:36:39"); script_cve_id("CVE-2010-3170", "CVE-2010-3174", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"); script_name(english:"openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)"); script_summary(english:"Check for the MozillaFirefox-3422 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. - Memory safety bugs - Firefox 3.6, Firefox 3.5 - CVE-2010-3176 Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. - Memory safety bugs - Firefox 3.6 - CVE-2010-3175 MFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. MFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. MFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. MFSA 2010-68 / CVE-2010-3177: Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. MFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another website. MFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. MFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library. MFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=645315" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=649492" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaFirefox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js192-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"MozillaFirefox-3.6.12-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"MozillaFirefox-branding-upstream-3.6.12-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"MozillaFirefox-translations-common-3.6.12-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"MozillaFirefox-translations-other-3.6.12-0.7.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-js192-1.9.2.12-0.8.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-1.9.2.12-0.8.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-buildsymbols-1.9.2.12-0.8.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-devel-1.9.2.12-0.8.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-gnome-1.9.2.12-0.8.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-translations-common-1.9.2.12-0.8.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"mozilla-xulrunner192-translations-other-1.9.2.12-0.8.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-js192-32bit-1.9.2.12-0.8.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-xulrunner192-32bit-1.9.2.12-0.8.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-xulrunner192-gnome-32bit-1.9.2.12-0.8.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-common-32bit-1.9.2.12-0.8.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-xulrunner192-translations-other-32bit-1.9.2.12-0.8.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox"); }
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-219.NASL description A security issue was identified and fixed in mozilla-thunderbird : Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware (CVE-2010-3765). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 Additionally, some packages which require so, have been rebuilt and are being provided as updates. last seen 2020-06-01 modified 2020-06-02 plugin id 50445 published 2010-11-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50445 title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:219) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2010:219. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(50445); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:53"); script_cve_id("CVE-2010-3765"); script_xref(name:"MDVSA", value:"2010:219"); script_name(english:"Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:219)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A security issue was identified and fixed in mozilla-thunderbird : Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware (CVE-2010-3765). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 Additionally, some packages which require so, have been rebuilt and are being provided as updates." ); script_set_attribute( attribute:"see_also", value:"http://www.mozillamessaging.com/en-US/thunderbird/3.0.11/releasenotes/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-crawl-system"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-epiphany"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-evolution"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-gui-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ext-beagle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-af"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-be"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-da"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-de"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-el"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et_EE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-he"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-id"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-is"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-it"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pa_IN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-si"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nsinstall"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2009.0", reference:"beagle-0.3.8-13.29mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"beagle-crawl-system-0.3.8-13.29mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"beagle-doc-0.3.8-13.29mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"beagle-epiphany-0.3.8-13.29mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"beagle-evolution-0.3.8-13.29mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"beagle-gui-0.3.8-13.29mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"beagle-gui-qt-0.3.8-13.29mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"beagle-libs-0.3.8-13.29mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"firefox-ext-beagle-0.3.8-13.29mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-af-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ar-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-be-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-beagle-0.3.8-13.29mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-bg-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ca-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-cs-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-da-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-de-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-el-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-en_GB-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ar-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ca-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-cs-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-de-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-el-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-es-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-fi-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-fr-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-hu-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-it-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ja-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ko-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-nb-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-nl-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-pl-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-pt-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-pt_BR-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ru-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-sl-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-sv-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-tr-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-zh_CN-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-zh_TW-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-es_AR-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-es_ES-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-et-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-et_EE-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-eu-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-fi-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-fr-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-fy-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ga-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-gl-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-he-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-hu-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-id-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-is-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-it-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ja-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ka-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ko-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-lt-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-nb_NO-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-nl-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-nn_NO-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pa_IN-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pl-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pt_BR-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pt_PT-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ro-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ru-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-si-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sk-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sq-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sr-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sv_SE-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-tr-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-uk-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-vi-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-zh_CN-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-zh_TW-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"nsinstall-3.0.10-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"beagle-0.3.9-20.16mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"beagle-crawl-system-0.3.9-20.16mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"beagle-doc-0.3.9-20.16mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"beagle-evolution-0.3.9-20.16mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"beagle-gui-0.3.9-20.16mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"beagle-gui-qt-0.3.9-20.16mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"beagle-libs-0.3.9-20.16mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"firefox-ext-beagle-0.3.9-20.16mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-af-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ar-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-be-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-beagle-0.3.9-20.16mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-bg-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ca-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-cs-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-da-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-de-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-el-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-en_GB-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ar-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ca-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-cs-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-de-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-el-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-es-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-fi-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-fr-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-hu-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-it-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ja-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ko-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-nb-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-nl-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-pl-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-pt-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-pt_BR-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ru-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-sl-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-sv-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-tr-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-zh_CN-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-zh_TW-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-es_AR-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-es_ES-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-et-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-et_EE-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-eu-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-fi-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-fr-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-fy-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ga-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-gl-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-he-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-hu-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-id-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-is-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-it-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ja-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ka-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ko-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-lt-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-nb_NO-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-nl-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-nn_NO-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pa_IN-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pl-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pt_BR-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pt_PT-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ro-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ru-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-si-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sk-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sq-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sr-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sv_SE-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-tr-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-uk-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-vi-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-zh_CN-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-zh_TW-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"nsinstall-3.0.10-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-0.3.9-40.7mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-crawl-system-0.3.9-40.7mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-doc-0.3.9-40.7mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-evolution-0.3.9-40.7mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-gui-0.3.9-40.7mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-gui-qt-0.3.9-40.7mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-libs-0.3.9-40.7mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ext-beagle-0.3.9-40.7mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-af-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ar-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-be-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-beagle-0.3.9-40.7mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-bg-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ca-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-cs-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-da-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-de-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-el-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-en_GB-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ar-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ca-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-cs-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-de-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-el-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-es-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-fi-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-fr-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-hu-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-it-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ja-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ko-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-nb-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-nl-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pl-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pt-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pt_BR-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ru-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-sl-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-sv-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-tr-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-zh_CN-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-zh_TW-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-es_AR-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-es_ES-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-et-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-et_EE-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-eu-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fi-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fr-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fy-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ga-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-gl-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-he-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-hu-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-id-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-is-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-it-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ja-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ka-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ko-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-lt-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nb_NO-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nl-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nn_NO-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pa_IN-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pl-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pt_BR-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pt_PT-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ro-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ru-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-si-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sk-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sq-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sr-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sv_SE-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-tr-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-uk-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-vi-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-zh_CN-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-zh_TW-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"nsinstall-3.0.10-0.1mdv2010.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0812.NASL description An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765) Note: JavaScript support is disabled by default in Thunderbird. The CVE-2010-3765 issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 50803 published 2010-11-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50803 title CentOS 4 / 5 : thunderbird (CESA-2010:0812) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2010:0812 and # CentOS Errata and Security Advisory 2010:0812 respectively. # include("compat.inc"); if (description) { script_id(50803); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:05"); script_cve_id("CVE-2010-3765"); script_bugtraq_id(44425); script_xref(name:"RHSA", value:"2010:0812"); script_name(english:"CentOS 4 / 5 : thunderbird (CESA-2010:0812)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765) Note: JavaScript support is disabled by default in Thunderbird. The CVE-2010-3765 issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2010-November/017133.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?91780f67" ); # https://lists.centos.org/pipermail/centos-announce/2010-November/017134.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e6686ee0" ); # https://lists.centos.org/pipermail/centos-announce/2010-November/017137.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9ea873d2" ); # https://lists.centos.org/pipermail/centos-announce/2010-November/017138.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?fa9372e3" ); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/10/27"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x / 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"thunderbird-1.5.0.12-33.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"thunderbird-1.5.0.12-33.el4.centos")) flag++; if (rpm_check(release:"CentOS-5", reference:"thunderbird-2.0.0.24-10.el5.centos")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0896.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird had loaded. (CVE-2010-3178) Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled. A flaw was found in the script that launches Thunderbird. The LD_LIBRARY_PATH variable was appending a last seen 2020-06-01 modified 2020-06-02 plugin id 50648 published 2010-11-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50648 title RHEL 6 : thunderbird (RHSA-2010:0896) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2010:0896. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(50648); script_version ("1.28"); script_cvs_date("Date: 2019/10/25 13:36:15"); script_cve_id("CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"); script_bugtraq_id(44243, 44245, 44247, 44248, 44249, 44251, 44252, 44425); script_xref(name:"RHSA", value:"2010:0896"); script_name(english:"RHEL 6 : thunderbird (RHSA-2010:0896)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird had loaded. (CVE-2010-3178) Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled. A flaw was found in the script that launches Thunderbird. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Thunderbird, if that user ran Thunderbird from within an attacker-controlled directory. (CVE-2010-3182) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3175" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3176" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3178" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3179" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3180" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3182" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3183" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-3765" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2010:0896" ); script_set_attribute( attribute:"solution", value: "Update the affected thunderbird and / or thunderbird-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/10/21"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2010:0896"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"thunderbird-3.1.6-1.el6_0")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"thunderbird-3.1.6-1.el6_0")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"thunderbird-3.1.6-1.el6_0")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"thunderbird-debuginfo-3.1.6-1.el6_0")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"thunderbird-debuginfo-3.1.6-1.el6_0")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"thunderbird-debuginfo-3.1.6-1.el6_0")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird / thunderbird-debuginfo"); } }
NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLATHUNDERBIRD-101028.NASL description Mozilla Thunderbird was updated to 3.0.10 to fix one critical security issue. MFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. last seen 2020-06-01 modified 2020-06-02 plugin id 75661 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75661 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3429) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update MozillaThunderbird-3429. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75661); script_version("1.3"); script_cvs_date("Date: 2019/10/25 13:36:39"); script_cve_id("CVE-2010-3765"); script_name(english:"openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3429)"); script_summary(english:"Check for the MozillaThunderbird-3429 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Mozilla Thunderbird was updated to 3.0.10 to fix one critical security issue. MFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=649492" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaThunderbird packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"MozillaThunderbird-3.0.10-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"MozillaThunderbird-devel-3.0.10-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"MozillaThunderbird-translations-common-3.0.10-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"MozillaThunderbird-translations-other-3.0.10-0.3.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"enigmail-1.0.1-4.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLA-XULRUNNER191-101028.NASL description This update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50462 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50462 title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update mozilla-xulrunner191-3421. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(50462); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-2753", "CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2763", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-2770", "CVE-2010-3131", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169", "CVE-2010-3170", "CVE-2010-3174", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"); script_name(english:"openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)"); script_summary(english:"Check for the mozilla-xulrunner191-3421 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim's computer. MFSA 2010-52 / CVE-2010-3131: Security researcher Haifei Li of FortiGuard Labs reported that Firefox could be used to load a malicious code library that had been planted on a victim's computer. Firefox attempts to load dwmapi.dll upon startup as part of its platform detection, so on systems that don't have this library, such as Windows XP, Firefox will subsequently attempt to load the library from the current working directory. An attacker could use this vulnerability to trick a user into downloading a HTML file and a malicious copy of dwmapi.dll into the same directory on their computer and opening the HTML file with Firefox, thus causing the malicious code to be executed. If the attacker was on the same network as the victim, the malicious DLL could also be loaded via a UNC path. The attack also requires that Firefox not currently be running when it is asked to open the HTML file and accompanying DLL. As this is a Windows only problem, it does not affect the Linux version. It is listed for completeness only. MFSA 2010-53 / CVE-2010-3166: Security researcher wushi of team509 reported a heap buffer overflow in code routines responsible for transforming text runs. A page could be constructed with a bidirectional text run which upon reflow could result in an incorrect length being calculated for the run of text. When this value is subsequently used to allocate memory for the text too small a buffer may be created potentially resulting in a buffer overflow and the execution of attacker controlled memory. MFSA 2010-54 / CVE-2010-2760: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that there was a remaining dangling pointer issue leftover from the fix to CVE-2010-2753. Under certain circumstances one of the pointers held by a XUL tree selection could be freed and then later reused, potentially resulting in the execution of attacker-controlled memory. MFSA 2010-55 / CVE-2010-3168: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that XUL objects could be manipulated such that the setting of certain properties on the object would trigger the removal of the tree from the DOM and cause certain sections of deleted memory to be accessed. In products based on Gecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer this memory has been overwritten by a value that will cause an unexploitable crash. In products based on Gecko version 1.9.1 (Firefox 3.5, Thunderbird 3.0, and SeaMonkey 2.0) and older an attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on their computer. MFSA 2010-56 / CVE-2010-3167: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that the implementation of XUL's content view contains a dangling pointer vulnerability. One of the content view's methods for accessing the internal structure of the tree could be manipulated into removing a node prior to accessing it, resulting in the accessing of deleted memory. If an attacker can control the contents of the deleted memory prior to its access they could use this vulnerability to run arbitrary code on a victim's machine. MFSA 2010-57 / CVE-2010-2766: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that code used to normalize a document contained a logical flaw that could be leveraged to run arbitrary code. When the normalization code ran, a static count of the document's child nodes was used in the traversal, so a page could be constructed that would remove DOM nodes during this normalization which could lead to the accessing of a deleted object and potentially the execution of attacker-controlled memory. MFSA 2010-58 / CVE-2010-2770: Security researcher Marc Schoenefeld reported that a specially crafted font could be applied to a document and cause a crash on Mac systems. The crash showed signs of memory corruption and presumably could be used by an attacker to execute arbitrary code on a victim's computer. This issue probably does not affect the Linux builds and so is listed for completeness. MFSA 2010-59 / CVE-2010-2762: Mozilla developer Blake Kaplan reported that the wrapper class XPCSafeJSObjectWrapper (SJOW), a security wrapper that allows content-defined objects to be safely accessed by privileged code, creates scope chains ending in outer objects. Users of SJOWs which expect the scope chain to end on an inner object may be handed a chrome privileged object which could be leveraged to run arbitrary JavaScript with chrome privileges. Michal Zalewski's recent contributions helped to identify this architectural weakness. MFSA 2010-60 / CVE-2010-2763: Mozilla security researcher mozbugr_a4 reported that the wrapper class XPCSafeJSObjectWrapper (SJOW) on the Mozilla 1.9.1 development branch has a logical error in its scripted function implementation that allows the caller to run the function within the context of another site. This is a violation of the same-origin policy and could be used to mount an XSS attack. MFSA 2010-61 / CVE-2010-2768: Security researchers David Huang and Collin Jackson of Carnegie Mellon University CyLab (Silicon Valley campus) reported that the type attribute of an tag can override the charset of a framed HTML document, even when the document is included across origins. A page could be constructed containing such an tag which sets the charset of the framed document to UTF-7. This could potentially allow an attacker to inject UTF-7 encoded JavaScript into a site, bypassing the site's XSS filters, and then executing the code using the above technique. MFSA 2010-62 / CVE-2010-2769: Security researcher Paul Stone reported that when an HTML selection containing JavaScript is copy-and-pasted or dropped onto a document with designMode enabled the JavaScript will be executed within the context of the site where the code was dropped. A malicious site could leverage this issue in an XSS attack by persuading a user into taking such an action and in the process running malicious JavaScript within the context of another site. MFSA 2010-63 / CVE-2010-2764: Matt Haggard reported that the statusText property of an XMLHttpRequest object is readable by the requestor even when the request is made across origins. This status information reveals the presence of a web server and could be used to gather information about servers on internal private networks. This issue was also independently reported to Mozilla by Nicholas Berthaume. MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. - Memory safety bugs - Firefox 3.6, Firefox 3.5 - CVE-2010-3176 Jesse Ruderman reported a crash which affected Firefox 3.5 only. - https://bugzilla.mozilla.org/show_bug.cgi?id=476547 - CVE-2010-3174 MFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. MFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. MFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. MFSA 2010-68 / CVE-2010-3177: Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. MFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another website. MFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. MFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library. MFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=476547" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=645315" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=649492" ); script_set_attribute( attribute:"solution", value:"Update the affected mozilla-xulrunner191 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-gnomevfs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner191-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xpcom191"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-1.9.1.15-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-devel-1.9.1.15-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-translations-common-1.9.1.15-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"mozilla-xulrunner191-translations-other-1.9.1.15-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"python-xpcom191-1.9.1.15-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.1", cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-xulrunner191"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLA-XULRUNNER191-101028.NASL description This update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 75671 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75671 title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421) NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLA-XULRUNNER191-101028.NASL description This update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-50 / CVE-2010-2765: Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory. MFSA 2010-51 / CVE-2010-2767: Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50466 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50466 title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421) NASL family Scientific Linux Local Security Checks NASL id SL_20101110_FIREFOX_ON_SL6_X.NASL description A race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180) A flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim had loaded with Firefox. (CVE-2010-3178) A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a last seen 2020-06-01 modified 2020-06-02 plugin id 60889 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60889 title Scientific Linux Security Update : firefox on SL6.x i386/x86_64 NASL family Windows NASL id MOZILLA_THUNDERBIRD_3010.NASL description The installed version of Thunderbird is earlier than 3.0.10. Such versions are potentially affected by a heap-based buffer overflow vulnerability. The combination of DOM insertions and the handling of the JavaScript function last seen 2020-06-01 modified 2020-06-02 plugin id 50384 published 2010-10-28 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50384 title Mozilla Thunderbird < 3.0.10 Buffer Overflow NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1011-1.NASL description Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50378 published 2010-10-28 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50378 title Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5 vulnerability (USN-1011-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0809.NASL description From Red Hat Security Advisory 2010:0809 : Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A race condition flaw was found in the way XULRunner handled Document Object Model (DOM) element properties. Malicious HTML content could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3765) For technical details regarding this flaw, refer to the Mozilla security advisories for Firefox 3.6.12. You can find a link to the Mozilla advisories in the References section of this erratum. All XULRunner users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68128 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68128 title Oracle Linux 5 : xulrunner (ELSA-2010-0809) NASL family Windows NASL id SEAMONKEY_2010.NASL description The installed version of SeaMonkey is earlier than 2.0.10. Such versions are potentially affected by a heap-based buffer overflow vulnerability. The combination of DOM insertions and the handling of the JavaScript function last seen 2020-06-01 modified 2020-06-02 plugin id 50386 published 2010-10-28 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50386 title SeaMonkey < 2.0.10 Buffer Overflow NASL family SuSE Local Security Checks NASL id SUSE_11_2_SEAMONKEY-101028.NASL description Mozilla SeaMonkey was updated to 2.0.10 to fix one critical security issue. MFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. last seen 2020-06-01 modified 2020-06-02 plugin id 50467 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50467 title openSUSE Security Update : seamonkey (seamonkey-3428) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0808.NASL description An updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Firefox is an open source web browser. A race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765) For technical details regarding this flaw, refer to the Mozilla security advisories for Firefox 3.6.12. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to this updated package, which contains a backported patch to correct this issue. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 50361 published 2010-10-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50361 title RHEL 4 : firefox (RHSA-2010:0808) NASL family SuSE Local Security Checks NASL id SUSE_11_1_SEAMONKEY-101028.NASL description Mozilla SeaMonkey was updated to 2.0.10 to fix one critical security issue. MFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. last seen 2020-06-01 modified 2020-06-02 plugin id 50463 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50463 title openSUSE Security Update : seamonkey (seamonkey-3428) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-101103.NASL description This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64) Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. - Memory safety bugs - Firefox 3.6, Firefox 3.5 - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176) - Memory safety bugs - Firefox 3.6 - CVE-2010-3175 - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50876 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50876 title SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3455 / 3456) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_C223B00DE27211DF8E32000F20797EDE.NASL description The Mozilla Project reports : MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion last seen 2020-06-01 modified 2020-06-02 plugin id 50404 published 2010-10-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50404 title FreeBSD : mozilla -- Heap buffer overflow mixing document.write and DOM insertion (c223b00d-e272-11df-8e32-000f20797ede) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-213.NASL description A vulnerability was discovered and corrected in xulrunner : Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware (CVE-2010-3765). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 50406 published 2010-10-29 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50406 title Mandriva Linux Security Advisory : xulrunner (MDVSA-2010:213) NASL family Scientific Linux Local Security Checks NASL id SL_20101027_XULRUNNER_ON_SL5_X.NASL description A race condition flaw was found in the way XULRunner handled Document Object Model (DOM) element properties. Malicious HTML content could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3765) After installing the update, applications using XULRunner must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60880 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60880 title Scientific Linux Security Update : xulrunner on SL5.x i386/x86_64 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0808.NASL description An updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Firefox is an open source web browser. A race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765) For technical details regarding this flaw, refer to the Mozilla security advisories for Firefox 3.6.12. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to this updated package, which contains a backported patch to correct this issue. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 50799 published 2010-11-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50799 title CentOS 4 : firefox (CESA-2010:0808) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1011-2.NASL description USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50411 published 2010-10-29 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50411 title Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : thunderbird vulnerability (USN-1011-2) NASL family Scientific Linux Local Security Checks NASL id SL_20101027_SEAMONKEY_ON_SL3_X.NASL description A race condition flaw was found in the way SeaMonkey handled Document Object Model (DOM) element properties. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3765) After installing the update, SeaMonkey must be restarted for the changes to take effect Note1: The Upstream Vendor has released this update. We feel that we should provide it to those few SL3 machines that are left. Note2: The Upstream Vendor ends support for their release in 3 days. So we expect this to be the last update for SL3. last seen 2020-06-01 modified 2020-06-02 plugin id 60879 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60879 title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1011-3.NASL description USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Xulrunner. Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50412 published 2010-10-29 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50412 title Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : xulrunner-1.9.1, xulrunner-1.9.2 vulnerability (USN-1011-3) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLAFIREFOX-101028.NASL description This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. - Memory safety bugs - Firefox 3.6, Firefox 3.5 - CVE-2010-3176 Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. - Memory safety bugs - Firefox 3.6 - CVE-2010-3175 MFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50460 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50460 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0808.NASL description From Red Hat Security Advisory 2010:0808 : An updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Firefox is an open source web browser. A race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765) For technical details regarding this flaw, refer to the Mozilla security advisories for Firefox 3.6.12. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to this updated package, which contains a backported patch to correct this issue. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68127 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68127 title Oracle Linux 4 : firefox (ELSA-2010-0808) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0809.NASL description Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A race condition flaw was found in the way XULRunner handled Document Object Model (DOM) element properties. Malicious HTML content could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3765) For technical details regarding this flaw, refer to the Mozilla security advisories for Firefox 3.6.12. You can find a link to the Mozilla advisories in the References section of this erratum. All XULRunner users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 50800 published 2010-11-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50800 title CentOS 5 : xulrunner (CESA-2010:0809) NASL family SuSE Local Security Checks NASL id SUSE_11_3_SEAMONKEY-101028.NASL description Mozilla SeaMonkey was updated to 2.0.10 to fix one critical security issue. MFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. last seen 2020-06-01 modified 2020-06-02 plugin id 75734 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75734 title openSUSE Security Update : seamonkey (seamonkey-3428) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0812.NASL description An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765) Note: JavaScript support is disabled by default in Thunderbird. The CVE-2010-3765 issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 50408 published 2010-10-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50408 title RHEL 4 / 5 : thunderbird (RHSA-2010:0812) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0861.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180) A flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim had loaded with Firefox. (CVE-2010-3178) A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a last seen 2020-06-01 modified 2020-06-02 plugin id 50633 published 2010-11-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50633 title RHEL 6 : firefox (RHSA-2010:0861) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0812.NASL description From Red Hat Security Advisory 2010:0812 : An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765) Note: JavaScript support is disabled by default in Thunderbird. The CVE-2010-3765 issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68131 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68131 title Oracle Linux 4 : thunderbird (ELSA-2010-0812) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0810.NASL description From Red Hat Security Advisory 2010:0810 : Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A race condition flaw was found in the way SeaMonkey handled Document Object Model (DOM) element properties. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3765) All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68129 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68129 title Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0810) NASL family Fedora Local Security Checks NASL id FEDORA_2010-16885.NASL description Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the upstream advisories : - http://www.mozilla.org/security/known-vulnerabilities/fi refox35.html#firefox3.5.14 - http://www.mozilla.org/security/known-vulnerabilities/ firefox35.html#firefox3.5.15 Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50422 published 2010-11-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50422 title Fedora 12 : firefox-3.5.15-1.fc12 / galeon-2.0.7-27.fc12 / gnome-python2-extras-2.25.3-22.fc12 / etc (2010-16885) NASL family Windows NASL id MOZILLA_FIREFOX_3515.NASL description The installed version of Firefox is earlier than 3.5.15. Such versions are potentially affected by a heap-based buffer overflow vulnerability. The combination of DOM insertions and the handling of the JavaScript function last seen 2020-06-01 modified 2020-06-02 plugin id 50382 published 2010-10-28 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50382 title Firefox < 3.5.15 Buffer Overflow NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0810.NASL description Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A race condition flaw was found in the way SeaMonkey handled Document Object Model (DOM) element properties. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3765) All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 50363 published 2010-10-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50363 title RHEL 3 / 4 : seamonkey (RHSA-2010:0810) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family Windows NASL id MOZILLA_THUNDERBIRD_316.NASL description The installed version of Thunderbird 3.1 is earlier than 3.1.6. Such versions are potentially affected by a heap-based buffer overflow vulnerability. The combination of DOM insertions and the handling of the JavaScript function last seen 2020-06-01 modified 2020-06-02 plugin id 50385 published 2010-10-28 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50385 title Mozilla Thunderbird 3.1 < 3.1.6 Buffer Overflow NASL family Fedora Local Security Checks NASL id FEDORA_2010-16883.NASL description Update to new upstream Firefox version 3.6.12, fixing one security issue detailed in the upstream advisory : http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#f irefox3.6.12 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50402 published 2010-10-29 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50402 title Fedora 13 : firefox-3.6.12-1.fc13 / galeon-2.0.7-35.fc13 / gnome-python2-extras-2.25.3-24.fc13 / etc (2010-16883) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2010-305-01.NASL description New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50427 published 2010-11-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50427 title Slackware 12.2 / 13.0 / 13.1 / current : seamonkey (SSA:2010-305-01) NASL family Fedora Local Security Checks NASL id FEDORA_2010-16897.NASL description Update to new upstream Firefox version 3.6.12, fixing multiple security issues detailed in the upstream advisories : - http://www.mozilla.org/security/known-vulnerabilities/fi refox36.html#firefox3.6.11 - http://www.mozilla.org/security/known-vulnerabilities/ firefox36.html#firefox3.6.12 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50403 published 2010-10-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50403 title Fedora 14 : firefox-3.6.12-1.fc14 / galeon-2.0.7-35.fc14.1 / gnome-python2-extras-2.25.3-25.fc14.1 / etc (2010-16897) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLATHUNDERBIRD-101028.NASL description Mozilla Thunderbird was updated to 3.0.10 to fix one critical security issue. MFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. last seen 2020-06-01 modified 2020-06-02 plugin id 50461 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50461 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3429) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0810.NASL description Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A race condition flaw was found in the way SeaMonkey handled Document Object Model (DOM) element properties. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3765) All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 50801 published 2010-11-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50801 title CentOS 3 / 4 : seamonkey (CESA-2010:0810) NASL family Fedora Local Security Checks NASL id FEDORA_2010-17105.NASL description Update to new upstream SeaMonkey version 2.0.10, fixing multiple security issues detailed in the upstream advisories : - http://www.mozilla.org/security/known-vulnerabilities/se amonkey20.html#seamonkey2.0.9 - http://www.mozilla.org/security/known-vulnerabilities/ seamonkey20.html#seamonkey2.0.10 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50459 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50459 title Fedora 14 : seamonkey-2.0.10-1.fc14 (2010-17105) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2124.NASL description Several vulnerabilities have been discovered in Xulrunner, the component that provides the core functionality of Iceweasel, Debian last seen 2020-06-01 modified 2020-06-02 plugin id 50453 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50453 title Debian DSA-2124-1 : xulrunner - several vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0809.NASL description Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A race condition flaw was found in the way XULRunner handled Document Object Model (DOM) element properties. Malicious HTML content could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-3765) For technical details regarding this flaw, refer to the Mozilla security advisories for Firefox 3.6.12. You can find a link to the Mozilla advisories in the References section of this erratum. All XULRunner users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 50362 published 2010-10-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50362 title RHEL 5 : xulrunner (RHSA-2010:0809) NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLATHUNDERBIRD-101028.NASL description Mozilla Thunderbird was updated to 3.0.10 to fix one critical security issue. MFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. last seen 2020-06-01 modified 2020-06-02 plugin id 50465 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50465 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3429) NASL family Windows NASL id MOZILLA_FIREFOX_3612.NASL description The installed version of Firefox 3.6 is earlier than 3.6.12. Such versions are potentially affected by a heap-based buffer overflow vulnerability. The combination of DOM insertions and the handling of the JavaScript function last seen 2020-06-01 modified 2020-06-02 plugin id 50383 published 2010-10-28 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50383 title Firefox 3.6 < 3.6.12 Buffer Overflow NASL family Scientific Linux Local Security Checks NASL id SL_20101027_FIREFOX_ON_SL4_X.NASL description A race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765) After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60878 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60878 title Scientific Linux Security Update : firefox on SL4.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLA-XULRUNNER191-101118.NASL description This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64) Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. - Memory safety bugs - Firefox 3.6, Firefox 3.5 - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176) - Memory safety bugs - Firefox 3.6 - CVE-2010-3175 - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50952 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50952 title SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558) NASL family Scientific Linux Local Security Checks NASL id SL_20101117_THUNDERBIRD_ON_SL6_X.NASL description A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird had loaded. (CVE-2010-3178) Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled. A flaw was found in the script that launches Thunderbird. The LD_LIBRARY_PATH variable was appending a last seen 2020-06-01 modified 2020-06-02 plugin id 60905 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60905 title Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLAFIREFOX-101028.NASL description This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. - Memory safety bugs - Firefox 3.6, Firefox 3.5 - CVE-2010-3176 Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. - Memory safety bugs - Firefox 3.6 - CVE-2010-3175 MFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim last seen 2020-06-01 modified 2020-06-02 plugin id 50464 published 2010-11-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50464 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)
Oval
accepted | 2014-10-06T04:00:31.525-04:00 | ||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||
description | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:12108 | ||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||
submitted | 2010-12-06T12:42:16 | ||||||||||||||||||||||||||||||||||||||||||||
title | Arbitrary code execution vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10 | ||||||||||||||||||||||||||||||||||||||||||||
version | 35 |
Packetstorm
data source https://packetstormsecurity.com/files/download/95278/firefox-memcorrupt.txt id PACKETSTORM:95278 last seen 2016-12-05 published 2010-10-29 reporter Packet Storm source https://packetstormsecurity.com/files/95278/Firefox-Memory-Corruption.html title Firefox Memory Corruption data source https://packetstormsecurity.com/files/download/98589/mozilla_interleaved_write.rb.txt id PACKETSTORM:98589 last seen 2016-12-05 published 2011-02-19 reporter scriptjunkie source https://packetstormsecurity.com/files/98589/Mozilla-Firefox-Interleaving-document.write-appendChild-Code-Execution.html title Mozilla Firefox Interleaving document.write / appendChild Code Execution data source https://packetstormsecurity.com/files/download/95201/firefoxappend-dos.txt id PACKETSTORM:95201 last seen 2016-12-05 published 2010-10-28 reporter Packet Storm source https://packetstormsecurity.com/files/95201/Firefox-Interleaving-Denial-Of-Service.html title Firefox Interleaving Denial Of Service
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Saint
bid | 44425 |
description | Mozilla Firefox document.write and DOM insertion memory corruption |
id | web_client_firefox |
osvdb | 68905 |
title | firefox_document_write_dom |
type | client |
Seebug
bulletinFamily exploit description No description provided by source. id SSV:20209 last seen 2017-11-19 modified 2010-10-29 published 2010-10-29 reporter Root source https://www.seebug.org/vuldb/ssvid-20209 title Firefox Memory Corruption Proof of Concept (Simplified) bulletinFamily exploit description BUGTRAQ ID: 44425 CVE ID: CVE-2010-3765 Firefox是一款非常流行的开源WEB浏览器。 在启用了JavaScript的情况下,Firefox的document.write()方式处理结合DOM注入可能触发堆溢出。攻击者可以通过 nsCSSFrameConstructor::ContentAppended、appendChild等方式触发这个漏洞,导致完全入侵用户系统。 Mozilla Firefox 3.6.x Mozilla Firefox 3.5.x Mozilla Thunderbird 3.1.x Mozilla Thunderbird 3.0.x Mozilla SeaMonkey < 2.0.10 厂商补丁: Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/ RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2010:0808-01)以及相应补丁: RHSA-2010:0808-01:Critical: firefox security update 链接:https://www.redhat.com/support/errata/RHSA-2010-0808.html id SSV:20217 last seen 2017-11-19 modified 2010-11-01 published 2010-11-01 reporter Root source https://www.seebug.org/vuldb/ssvid-20217 title Mozilla Firefox document.write()方式堆溢出漏洞
References
- http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
- http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
- http://isc.sans.edu/diary.html?storyid=9817
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
- http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
- http://secunia.com/advisories/41761
- http://secunia.com/advisories/41965
- http://secunia.com/advisories/41966
- http://secunia.com/advisories/41969
- http://secunia.com/advisories/41975
- http://secunia.com/advisories/42003
- http://secunia.com/advisories/42008
- http://secunia.com/advisories/42043
- http://secunia.com/advisories/42867
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
- http://support.avaya.com/css/P8/documents/100114329
- http://support.avaya.com/css/P8/documents/100114335
- http://www.debian.org/security/2010/dsa-2124
- http://www.exploit-db.com/exploits/15341
- http://www.exploit-db.com/exploits/15342
- http://www.exploit-db.com/exploits/15352
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
- http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
- http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
- http://www.norman.com/security_center/virus_description_archive/129146/
- http://www.redhat.com/support/errata/RHSA-2010-0808.html
- http://www.redhat.com/support/errata/RHSA-2010-0809.html
- http://www.redhat.com/support/errata/RHSA-2010-0810.html
- http://www.redhat.com/support/errata/RHSA-2010-0861.html
- http://www.redhat.com/support/errata/RHSA-2010-0896.html
- http://www.securityfocus.com/bid/44425
- http://www.securitytracker.com/id?1024645
- http://www.securitytracker.com/id?1024650
- http://www.securitytracker.com/id?1024651
- http://www.ubuntu.com/usn/usn-1011-1
- http://www.ubuntu.com/usn/USN-1011-2
- http://www.ubuntu.com/usn/USN-1011-3
- http://www.vupen.com/english/advisories/2010/2837
- http://www.vupen.com/english/advisories/2010/2857
- http://www.vupen.com/english/advisories/2010/2864
- http://www.vupen.com/english/advisories/2010/2871
- http://www.vupen.com/english/advisories/2011/0061
- https://bugzilla.mozilla.org/show_bug.cgi?id=607222
- https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
- https://bugzilla.redhat.com/show_bug.cgi?id=646997
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
- https://rhn.redhat.com/errata/RHSA-2010-0812.html