Vulnerabilities > CVE-2011-0071 - Path Traversal vulnerability in Mozilla Firefox and Seamonkey

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mozilla
CWE-22
nessus
NVD
Published: 2011-05-07
Updated: 2024-11-21

Summary

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.

Vulnerable Configurations

Part Description Count
Application
Mozilla
314
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Directory Traversal
    An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
  • File System Function Injection, Content Based
    An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-080.NASL
    descriptionSecurity issues were identified and fixed in mozilla-thunderbird : Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed (CVE-2011-0071). Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2011-0081, CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072). The mozilla-thunderbird-lightning package shipped with MDVSA-2011:042 had a packaging bug that prevented extension to be loaded (#59951). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id53617
    published2011-05-02
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/53617
    titleMandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:080)
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2011:080. 
# The text itself is copyright (C) Mandriva S.A.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(53617);
  script_version("1.8");
  script_cvs_date("Date: 2019/08/02 13:32:54");

  script_cve_id("CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0080", "CVE-2011-0081");
  script_xref(name:"MDVSA", value:"2011:080");

  script_name(english:"Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:080)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security issues were identified and fixed in mozilla-thunderbird :

Security researcher Soroush Dalili reported that the resource:
protocol could be exploited to allow directory traversal on Windows
and the potential loading of resources from non-permitted locations.
The impact would depend on whether interesting files existed in
predictable locations in a useful format. For example, the existence
or non-existence of particular images might indicate whether certain
software was installed (CVE-2011-0071).

Mozilla developers identified and fixed several memory safety bugs in
the browser engine used in Firefox and other Mozilla-based products.
Some of these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of
these could be exploited to run arbitrary code (CVE-2011-0081,
CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074,
CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).

The mozilla-thunderbird-lightning package shipped with MDVSA-2011:042
had a packaging bug that prevented extension to be loaded (#59951).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

Additionally, some packages which require so, have been rebuilt and
are being provided as updates."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozillamessaging.com/en-US/thunderbird/3.1.10/releasenotes/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-crawl-system");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-epiphany");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-evolution");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-gui-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ext-beagle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-af");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-be");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bn_BD");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-da");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-de");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-el");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-vi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et_EE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-he");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-id");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-is");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-it");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ka");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lightning");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pa_IN");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-si");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nsinstall");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2009.0", reference:"beagle-0.3.8-13.37mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"beagle-crawl-system-0.3.8-13.37mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"beagle-doc-0.3.8-13.37mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"beagle-epiphany-0.3.8-13.37mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"beagle-evolution-0.3.8-13.37mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"beagle-gui-0.3.8-13.37mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"beagle-gui-qt-0.3.8-13.37mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"beagle-libs-0.3.8-13.37mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"firefox-ext-beagle-0.3.8-13.37mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-af-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ar-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-be-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-beagle-0.3.8-13.37mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-bg-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-bn_BD-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ca-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-cs-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-da-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-de-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-el-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-en_GB-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ar-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ca-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-cs-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-de-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-el-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-es-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-fi-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-fr-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-hu-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-it-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ja-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ko-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-nb-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-nl-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-pl-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-pt-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-pt_BR-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-ru-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-sl-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-sv-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-tr-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-vi-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-zh_CN-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-enigmail-zh_TW-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-es_AR-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-es_ES-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-et-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-et_EE-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-eu-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-fi-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-fr-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-fy-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ga-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-gd-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-gl-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-he-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-hu-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-id-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-is-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-it-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ja-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ka-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ko-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-lightning-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-lt-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-nb_NO-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-nl-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-nn_NO-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pa_IN-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pl-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pt_BR-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-pt_PT-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ro-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-ru-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-si-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sk-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sl-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sq-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sr-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-sv_SE-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-tr-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-uk-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-vi-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-zh_CN-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"mozilla-thunderbird-zh_TW-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"nsinstall-3.1.10-0.1mdv2009.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2010.0", reference:"beagle-0.3.9-20.25mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"beagle-crawl-system-0.3.9-20.25mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"beagle-doc-0.3.9-20.25mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"beagle-evolution-0.3.9-20.25mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"beagle-gui-0.3.9-20.25mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"beagle-gui-qt-0.3.9-20.25mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"beagle-libs-0.3.9-20.25mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"firefox-ext-beagle-0.3.9-20.25mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-af-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ar-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-be-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-beagle-0.3.9-20.25mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-bg-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-bn_BD-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ca-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-cs-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-da-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-de-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-el-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-en_GB-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ar-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ca-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-cs-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-de-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-el-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-es-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-fi-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-fr-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-hu-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-it-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ja-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ko-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-nb-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-nl-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-pl-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-pt-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-pt_BR-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-ru-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-sl-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-sv-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-tr-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-vi-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-zh_CN-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-enigmail-zh_TW-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-es_AR-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-es_ES-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-et-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-et_EE-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-eu-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-fi-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-fr-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-fy-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ga-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-gd-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-gl-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-he-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-hu-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-id-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-is-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-it-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ja-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ka-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ko-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-lightning-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-lt-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-nb_NO-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-nl-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-nn_NO-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pa_IN-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pl-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pt_BR-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-pt_PT-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ro-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-ru-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-si-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sk-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sl-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sq-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sr-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-sv_SE-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-tr-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-uk-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-vi-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-zh_CN-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mozilla-thunderbird-zh_TW-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"nsinstall-3.1.10-0.1mdv2010.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2010.1", reference:"beagle-0.3.9-40.15mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"beagle-crawl-system-0.3.9-40.15mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"beagle-doc-0.3.9-40.15mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"beagle-evolution-0.3.9-40.15mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"beagle-gui-0.3.9-40.15mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"beagle-gui-qt-0.3.9-40.15mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"beagle-libs-0.3.9-40.15mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"firefox-ext-beagle-0.3.9-40.15mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-af-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ar-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-be-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-beagle-0.3.9-40.15mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-bg-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-bn_BD-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ca-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-cs-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-da-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-de-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-el-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-en_GB-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ar-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ca-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-cs-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-de-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-el-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-es-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-fi-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-fr-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-hu-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-it-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ja-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ko-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-nb-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-nl-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pl-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pt-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pt_BR-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ru-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-sl-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-sv-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-tr-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-vi-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-zh_CN-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-zh_TW-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-es_AR-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-es_ES-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-et-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-et_EE-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-eu-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fi-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fr-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fy-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ga-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-gd-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-gl-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-he-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-hu-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-id-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-is-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-it-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ja-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ka-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ko-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-lightning-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-lt-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nb_NO-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nl-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nn_NO-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pa_IN-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pl-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pt_BR-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pt_PT-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ro-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ru-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-si-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sk-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sl-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sq-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sr-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sv_SE-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-tr-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-uk-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-vi-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-zh_CN-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-zh_TW-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"nsinstall-3.1.10-0.1mdv2010.2", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110428_THUNDERBIRD_ON_SL6_X.NASL
    descriptionMozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0080, CVE-2011-0081) An arbitrary memory write flaw was found in the way Thunderbird handled out-of-memory conditions. If all memory was consumed when a user viewed a malicious HTML mail message, it could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0078) An integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the
    last seen2020-06-01
    modified2020-06-02
    plugin id61029
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61029
    titleScientific Linux Security Update : thunderbird on SL6.x i386/x86_64
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-079.NASL
    descriptionChris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system (CVE-2011-1202). Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed (CVE-2011-0071). David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id53616
    published2011-05-02
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/53616
    titleMandriva Linux Security Advisory : firefox (MDVSA-2011:079)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1112-1.NASL
    descriptionIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0081) It was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069) Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070) Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0080) Aki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0074, CVE-2011-0075) Ian Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0077, CVE-2011-0078) Martin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0072) It was discovered that there were use-after-free vulnerabilities in Firefox
    last seen2020-06-01
    modified2020-06-02
    plugin id55070
    published2011-06-13
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55070
    titleUbuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-1112-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1122-2.NASL
    descriptionUSN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. This update provides the corresponding fixes for Natty. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0081) It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069) Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070) Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080) Aki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075) Ian Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078) Martin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072) It was discovered that there were use-after-free vulnerabilities in Thunderbird
    last seen2020-06-01
    modified2020-06-02
    plugin id55081
    published2011-06-13
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55081
    titleUbuntu 11.04 : thunderbird vulnerabilities (USN-1122-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0471.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0080, CVE-2011-0081) An arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0078) An integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the
    last seen2020-06-01
    modified2020-06-02
    plugin id53580
    published2011-04-29
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53580
    titleRHEL 4 / 5 / 6 : firefox (RHSA-2011:0471)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1123-1.NASL
    descriptionA large number of security issues were discovered in the Gecko rendering engine. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55083
    published2011-06-13
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55083
    titleUbuntu 9.10 : Multiple Xulrunner 1.9.1 vulnerabilities (USN-1123-1)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_3110.NASL
    descriptionThe installed version of Thunderbird 3.1 is earlier than 3.1.10. Such versions are potentially affected by the following security issues : - An error in the resource protocol can allow directory traversal. (CVE-2011-0071) - Multiple memory safety issues can lead to application crashes and possibly remote code execution. (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081)
    last seen2020-06-01
    modified2020-06-02
    plugin id53596
    published2011-04-29
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/53596
    titleMozilla Thunderbird 3.1 < 3.1.10 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLAFIREFOX-110429.NASL
    descriptionMozilla Firefox was updated to the 3.6.17 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75652
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75652
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-4459)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1122-1.NASL
    descriptionIt was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0081) It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069) Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070) Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080) Aki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075) Ian Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078) Martin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072) It was discovered that there were use-after-free vulnerabilities in Thunderbird
    last seen2020-06-01
    modified2020-06-02
    plugin id55080
    published2011-06-13
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55080
    titleUbuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1122-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0471.NASL
    descriptionFrom Red Hat Security Advisory 2011:0471 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0080, CVE-2011-0081) An arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0078) An integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the
    last seen2020-06-01
    modified2020-06-02
    plugin id68261
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68261
    titleOracle Linux 4 / 5 / 6 : firefox (ELSA-2011-0471)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2228.NASL
    descriptionSeveral vulnerabilities have been found in Iceweasel, a web browser based on Firefox : - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081
    last seen2020-03-17
    modified2011-05-02
    plugin id53603
    published2011-05-02
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53603
    titleDebian DSA-2228-1 : iceweasel - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1122-3.NASL
    descriptionUSN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A regression was introduced which caused Thunderbird to display an empty menu bar. This update fixes the problem. We apologize for the inconvenience. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0081) It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069) Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070) Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080) Aki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075) Ian Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078) Martin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072) It was discovered that there were use-after-free vulnerabilities in Thunderbird
    last seen2020-06-01
    modified2020-06-02
    plugin id55082
    published2011-06-13
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55082
    titleUbuntu 11.04 : thunderbird regression (USN-1122-3)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2227.NASL
    descriptionSeveral vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey : - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081
    last seen2020-03-17
    modified2011-05-02
    plugin id53602
    published2011-05-02
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53602
    titleDebian DSA-2227-1 : iceape - several vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3519.NASL
    descriptionThe installed version of Firefox is earlier than 3.5.19. Such versions are potentially affected by the following security issues : - Multiple use-after-free errors exist in the handling of the object attributes
    last seen2020-06-01
    modified2020-06-02
    plugin id53593
    published2011-04-29
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/53593
    titleFirefox < 3.5.19 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-7491.NASL
    descriptionMozilla Firefox was updated to the 3.6.17 security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12) Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6. (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id53649
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53649
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7491)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0475.NASL
    descriptionFrom Red Hat Security Advisory 2011:0475 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0080, CVE-2011-0081) An arbitrary memory write flaw was found in the way Thunderbird handled out-of-memory conditions. If all memory was consumed when a user viewed a malicious HTML mail message, it could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0078) An integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the
    last seen2020-06-01
    modified2020-06-02
    plugin id68265
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68265
    titleOracle Linux 6 : thunderbird (ELSA-2011-0475)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0475.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0080, CVE-2011-0081) An arbitrary memory write flaw was found in the way Thunderbird handled out-of-memory conditions. If all memory was consumed when a user viewed a malicious HTML mail message, it could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-0078) An integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the
    last seen2020-06-01
    modified2020-06-02
    plugin id53584
    published2011-04-29
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53584
    titleRHEL 6 : thunderbird (RHSA-2011:0475)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3617.NASL
    descriptionThe installed version of Firefox 3.6 is earlier than 3.6.17. Such versions are potentially affected by the following security issues : - Multiple use-after-free errors exist in the handling of the object attributes
    last seen2020-06-01
    modified2020-06-02
    plugin id53594
    published2011-04-29
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/53594
    titleFirefox 3.6 < 3.6.17 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-0471.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0080, CVE-2011-0081) An arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0078) An integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the
    last seen2020-06-01
    modified2020-06-02
    plugin id53598
    published2011-05-02
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53598
    titleCentOS 4 / 5 : firefox (CESA-2011:0471)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-7490.NASL
    descriptionMozilla Firefox was updated to the 3.6.17 security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12) Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6. (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id57148
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57148
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7490)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-110429.NASL
    descriptionMozilla Firefox was updated to the 3.6.17 security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12) Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6. (CVE-2011-0081) - The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id53647
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/53647
    titleSuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 4463)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2235.NASL
    descriptionSeveral vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081
    last seen2020-03-17
    modified2011-05-11
    plugin id53862
    published2011-05-11
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53862
    titleDebian DSA-2235-1 : icedove - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_MOZILLAFIREFOX-110429.NASL
    descriptionMozilla Firefox was updated to the 3.6.17 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id53772
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/53772
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-4459)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyWindows
    NASL idSEAMONKEY_2014.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.0.14. Such versions are potentially affected by the following security issues : - Multiple use-after-free errors exist in the handling of the object attributes
    last seen2020-06-01
    modified2020-06-02
    plugin id53597
    published2011-04-29
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/53597
    titleSeaMonkey < 2.0.14 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_MOZILLA-JS192-110429.NASL
    descriptionMozilla XULRunner 1.9.2 was updated to the 1.9.2.17 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint
    last seen2020-06-01
    modified2020-06-02
    plugin id75956
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75956
    titleopenSUSE Security Update : mozilla-js192 (mozilla-js192-4460)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110428_FIREFOX_ON_SL4_X.NASL
    descriptionMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0080, CVE-2011-0081) An arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0078) An integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the
    last seen2020-06-01
    modified2020-06-02
    plugin id61025
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61025
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64

Oval

accepted2014-10-06T04:01:05.798-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationDTCC
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
descriptionDirectory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
familywindows
idoval:org.mitre.oval:def:14058
statusaccepted
submitted2011-11-25T18:07:42.000-05:00
titleDirectory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
version36

Redhat

rpms
  • firefox-0:3.6.17-1.el5_6
  • firefox-0:3.6.17-1.el6_0
  • firefox-0:3.6.17-2.el4
  • firefox-debuginfo-0:3.6.17-1.el5_6
  • firefox-debuginfo-0:3.6.17-1.el6_0
  • firefox-debuginfo-0:3.6.17-2.el4
  • xulrunner-0:1.9.2.17-3.el5_6
  • xulrunner-0:1.9.2.17-4.el6_0
  • xulrunner-debuginfo-0:1.9.2.17-3.el5_6
  • xulrunner-debuginfo-0:1.9.2.17-4.el6_0
  • xulrunner-devel-0:1.9.2.17-3.el5_6
  • xulrunner-devel-0:1.9.2.17-4.el6_0
  • thunderbird-0:3.1.10-1.el6_0
  • thunderbird-debuginfo-0:3.1.10-1.el6_0

References