Vulnerabilities > CVE-2011-3651 - Memory Corruption vulnerability in Mozilla Firefox and Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-169.NASL description Security issues were identified and fixed in mozilla NSS, firefox and thunderbird : 22 weak 512-bit certificates issued by the DigiCert Sdn. Bhd certificate authority has been revoked from the root CA storage. This was fixed with rootcerts-20111103.00 and nss-3.13. DigiCert Sdn. Bhd is a Malaysian subordinate CA under Entrust and Verizon (GTE CyberTrust). It bears no affiliation whatsoever with the US-based corporation DigiCert, Inc., which is a member of Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 56765 published 2011-11-10 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56765 title Mandriva Linux Security Advisory : mozilla (MDVSA-2011:169) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2011:169. # The text itself is copyright (C) Mandriva S.A. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(56765); script_version("1.10"); script_cvs_date("Date: 2019/08/02 13:32:54"); script_cve_id("CVE-2011-3640", "CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3652", "CVE-2011-3654", "CVE-2011-3655"); script_bugtraq_id(50589, 50594, 50595, 50597, 50600, 50602); script_xref(name:"MDVSA", value:"2011:169"); script_name(english:"Mandriva Linux Security Advisory : mozilla (MDVSA-2011:169)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security issues were identified and fixed in mozilla NSS, firefox and thunderbird : 22 weak 512-bit certificates issued by the DigiCert Sdn. Bhd certificate authority has been revoked from the root CA storage. This was fixed with rootcerts-20111103.00 and nss-3.13. DigiCert Sdn. Bhd is a Malaysian subordinate CA under Entrust and Verizon (GTE CyberTrust). It bears no affiliation whatsoever with the US-based corporation DigiCert, Inc., which is a member of Mozilla's root program. Untrusted search path vulnerability in Mozilla Network Security Services (NSS) might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory (CVE-2011-3640). Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding (CVE-2011-3648). Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug (CVE-2011-3650). The following vulnerabilities affetst Mandriva Linux 2011 only : Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-3651). The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2011-3652). The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2011-3654). Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site (CVE-2011-3655). The following vulnerabilities affects Mandriva Enterpriser Server 5.2 and Mandriva Linux 2010.2 only : The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004 (CVE-2011-3647). Additionally, some packages which require so, have been rebuilt and are being provided as updates." ); # http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?71e2509a" ); script_set_attribute( attribute:"see_also", value:"http://www.mozilla.org/security/announce/2011/mfsa2011-46.html" ); script_set_attribute( attribute:"see_also", value:"http://www.mozilla.org/security/announce/2011/mfsa2011-47.html" ); script_set_attribute( attribute:"see_also", value:"http://www.mozilla.org/security/announce/2011/mfsa2011-48.html" ); script_set_attribute( attribute:"see_also", value:"http://www.mozilla.org/security/announce/2011/mfsa2011-49.html" ); script_set_attribute( attribute:"see_also", value:"http://www.mozilla.org/security/announce/2011/mfsa2011-52.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-crawl-system"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-evolution"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-gui-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:beagle-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-af"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ast"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-be"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-bg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-bn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-br"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-bs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ca"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-cs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-cy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-da"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-de"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-el"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-en_GB"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-eo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-es_AR"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-es_ES"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-et"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-eu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ext-beagle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ext-blogrovr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ext-mozvoikko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ext-r-kiosk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ext-scribefire"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ext-weave-sync"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ext-xmarks"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ga_IE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-gl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-gu_IN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-he"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-id"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-is"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-it"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ja"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-kk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-kn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ku"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-lg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-lt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-lv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-mai"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-mk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-mr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nb_NO"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nn_NO"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nso"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-oc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-or"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pa_IN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pt_BR"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pt_PT"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ro"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ru"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-si"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sq"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sv_SE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ta"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-te"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-th"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-tr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-uk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-vi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-zh_CN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-zh_TW"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-zu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gjs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnome-python-extras"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnome-python-gda"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnome-python-gda-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnome-python-gdl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnome-python-gtkhtml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnome-python-gtkmozembed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gnome-python-gtkspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gjs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gjs0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xulrunner-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xulrunner1.9.2.24"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgjs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgjs0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxulrunner-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxulrunner1.9.2.24"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-af"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-be"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-beagle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bn_BD"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-da"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-de"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-el"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-vi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et_EE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-he"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-id"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-is"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-it"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lightning"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pa_IN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-si"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nsinstall"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rootcerts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rootcerts-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xulrunner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:yelp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011"); script_set_attribute(attribute:"patch_publication_date", value:"2011/11/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2010.1", reference:"beagle-0.3.9-40.21mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-crawl-system-0.3.9-40.21mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-doc-0.3.9-40.21mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-evolution-0.3.9-40.21mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-gui-0.3.9-40.21mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-gui-qt-0.3.9-40.21mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"beagle-libs-0.3.9-40.21mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-af-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ar-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-be-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-bg-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-bn-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ca-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-cs-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-cy-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-da-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-de-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-devel-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-el-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-en_GB-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-eo-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-es_AR-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-es_ES-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-et-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-eu-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ext-beagle-0.3.9-40.21mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ext-blogrovr-1.1.804-13.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ext-mozvoikko-1.0.1-2.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ext-r-kiosk-0.8.1-2.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ext-scribefire-3.5.2-2.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ext-weave-sync-1.1-5.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ext-xmarks-3.6.14-2.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-fi-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-fr-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-fy-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ga_IE-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-gl-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-gu_IN-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-he-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-hi-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-hu-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-id-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-is-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-it-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ja-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ka-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-kn-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ko-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ku-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-lt-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-lv-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-mk-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-mr-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-nb_NO-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-nl-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-nn_NO-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-oc-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-pa_IN-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-pl-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-pt_BR-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-pt_PT-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ro-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-ru-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-si-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-sk-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-sl-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-sq-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-sr-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-sv_SE-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-te-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-th-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-tr-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-uk-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-zh_CN-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"firefox-zh_TW-3.6.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"gjs-0.6-4.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"gnome-python-extras-2.25.3-18.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"gnome-python-gda-2.25.3-18.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"gnome-python-gda-devel-2.25.3-18.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"gnome-python-gdl-2.25.3-18.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"gnome-python-gtkhtml2-2.25.3-18.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"gnome-python-gtkmozembed-2.25.3-18.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"gnome-python-gtkspell-2.25.3-18.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64gjs-devel-0.6-4.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64gjs0-0.6-4.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64nss-devel-3.13.1-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64nss-static-devel-3.13.1-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64nss3-3.13.1-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64xulrunner-devel-1.9.2.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64xulrunner1.9.2.24-1.9.2.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libgjs-devel-0.6-4.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libgjs0-0.6-4.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libnss-devel-3.13.1-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libnss-static-devel-3.13.1-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libnss3-3.13.1-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libxulrunner-devel-1.9.2.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libxulrunner1.9.2.24-1.9.2.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-af-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ar-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-be-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-beagle-0.3.9-40.21mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-bg-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-bn_BD-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ca-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-cs-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-da-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-de-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-el-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-en_GB-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ar-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ca-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-cs-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-de-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-el-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-es-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-fi-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-fr-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-hu-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-it-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ja-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ko-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-nb-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-nl-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pl-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pt-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pt_BR-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ru-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-sl-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-sv-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-tr-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-vi-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-zh_CN-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-zh_TW-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-es_AR-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-es_ES-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-et-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-et_EE-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-eu-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fi-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fr-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fy-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ga-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-gd-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-gl-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-he-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-hu-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-id-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-is-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-it-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ja-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ka-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ko-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-lightning-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-lt-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nb_NO-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nl-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nn_NO-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pa_IN-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pl-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pt_BR-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pt_PT-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ro-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ru-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-si-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sk-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sl-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sq-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sr-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sv_SE-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-tr-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-uk-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-vi-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-zh_CN-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-zh_TW-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"nsinstall-3.1.16-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"nss-3.13.1-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"rootcerts-20111103.00-1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"rootcerts-java-20111103.00-1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"xulrunner-1.9.2.24-0.1mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"yelp-2.30.1-4.17mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-af-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-ar-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-ast-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-be-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-bg-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-bn-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-br-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-bs-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-ca-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-cs-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-cy-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-da-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-de-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-devel-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-el-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-en_GB-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-eo-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-es_AR-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-es_ES-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-et-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-eu-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-fa-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-fi-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-fr-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-fy-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-ga_IE-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-gd-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-gl-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-gu_IN-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-he-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-hi-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-hr-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-hu-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-hy-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-id-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-is-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-it-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-ja-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-kk-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-kn-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-ko-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-ku-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-lg-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-lt-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-lv-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-mai-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-mk-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-ml-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-mr-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-nb_NO-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-nl-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-nn_NO-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-nso-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-or-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-pa_IN-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-pl-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-pt_BR-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-pt_PT-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-ro-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-ru-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-si-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-sk-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-sl-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-sq-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-sr-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-sv_SE-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-ta-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-te-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-th-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-tr-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-uk-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-vi-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-zh_CN-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-zh_TW-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"firefox-zu-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64nss-devel-3.13.1-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64nss-static-devel-3.13.1-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64nss3-3.13.1-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libnss-devel-3.13.1-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libnss-static-devel-3.13.1-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libnss3-3.13.1-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-ar-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-ca-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-cs-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-da-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-de-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-en_GB-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-ar-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-ca-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-cs-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-de-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-el-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-es-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-fi-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-fr-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-it-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-ja-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-ko-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-nb-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-nl-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-pl-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-pt-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-pt_BR-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-ru-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-sl-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-sv-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-tr-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-vi-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-zh_CN-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-enigmail-zh_TW-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-es_AR-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-es_ES-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-et-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-eu-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-fi-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-fr-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-fy-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-ga-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-gd-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-gl-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-he-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-hu-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-is-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-it-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-ja-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-ko-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-lightning-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-lt-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-nb_NO-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-nl-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-nn_NO-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-pl-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-pt_BR-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-pt_PT-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-ru-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-si-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-sk-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-sl-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-sq-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-sv_SE-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-tr-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-uk-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"mozilla-thunderbird-zh_TW-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"nsinstall-8.0-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"nss-3.13.1-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"rootcerts-20111103.00-1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"rootcerts-java-20111103.00-1-mdv2011.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS11_THUNDERBIRD_20120404.NASL description The remote Solaris system is missing necessary patches to address security updates : - Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. (CVE-2011-3648) - Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. (CVE-2011-3650) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-3651) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3652) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3654) - Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. (CVE-2011-3655) last seen 2020-06-01 modified 2020-06-02 plugin id 80783 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80783 title Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80783); script_version("1.3"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3652", "CVE-2011-3654", "CVE-2011-3655"); script_name(english:"Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird2)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. (CVE-2011-3648) - Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. (CVE-2011-3650) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-3651) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3652) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3654) - Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. (CVE-2011-3655)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-thunderbird script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ac78be5f" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 04."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:thunderbird"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^thunderbird$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.0.4.0.5.0", sru:"SRU 4") > 0) flag++; if (flag) { set_kb_item(name:'www/0/XSS', value:TRUE); error_extra = 'Affected package : thunderbird\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_hole(port:0, extra:error_extra); else security_hole(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "thunderbird");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1277-2.NASL description USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648) Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. (CVE-2011-3650) Jason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey discovered multiple memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Firefox or possibly crash the browser resulting in a denial of service. (CVE-2011-3651) It was discovered that Firefox could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3652) Aki Helin discovered that Firefox does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Firefox, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3654) It was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Firefox 4. An attacker could possibly use this to gain elevated privileges within the browser for web content. (CVE-2011-3655). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56945 published 2011-11-26 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56945 title Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1277-2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1277-2. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(56945); script_version("1.10"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3652", "CVE-2011-3654", "CVE-2011-3655"); script_bugtraq_id(50593, 50594, 50595, 50597, 50600, 50602); script_xref(name:"USN", value:"1277-2"); script_name(english:"Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1277-2)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648) Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. (CVE-2011-3650) Jason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey discovered multiple memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Firefox or possibly crash the browser resulting in a denial of service. (CVE-2011-3651) It was discovered that Firefox could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3652) Aki Helin discovered that Firefox does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Firefox, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3654) It was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Firefox 4. An attacker could possibly use this to gain elevated privileges within the browser for web content. (CVE-2011-3655). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1277-2/" ); script_set_attribute( attribute:"solution", value: "Update the affected xul-ext-mozvoikko and / or xul-ext-ubufox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xul-ext-mozvoikko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xul-ext-ubufox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/11/09"); script_set_attribute(attribute:"patch_publication_date", value:"2011/11/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.04 / 11.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"11.04", pkgname:"xul-ext-mozvoikko", pkgver:"1.10.0-0ubuntu0.11.04.3")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"xul-ext-ubufox", pkgver:"0.9.2-0ubuntu0.11.04.2")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"xul-ext-mozvoikko", pkgver:"1.10.0-0ubuntu2.1")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"xul-ext-ubufox", pkgver:"1.0-0ubuntu2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xul-ext-mozvoikko / xul-ext-ubufox"); }
NASL family Solaris Local Security Checks NASL id SOLARIS11_FIREFOX_20121210.NASL description The remote Solaris system is missing necessary patches to address security updates : - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. (CVE-2011-2372) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-2995) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-2997) - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. (CVE-2011-3000) - Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. (CVE-2011-3001) - Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. (CVE-2011-3002) - Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. (CVE-2011-3003) - The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. (CVE-2011-3004) - Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. (CVE-2011-3005) - YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. (CVE-2011-3232) - Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. (CVE-2011-3648) - Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. (CVE-2011-3650) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-3651) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3652) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3654) - Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. (CVE-2011-3655) last seen 2020-06-01 modified 2020-06-02 plugin id 80608 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80608 title Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_in_mozilla_firefox1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80608); script_version("1.3"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2011-2372", "CVE-2011-2995", "CVE-2011-2997", "CVE-2011-3000", "CVE-2011-3001", "CVE-2011-3002", "CVE-2011-3003", "CVE-2011-3004", "CVE-2011-3005", "CVE-2011-3232", "CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3652", "CVE-2011-3654", "CVE-2011-3655"); script_name(english:"Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_in_mozilla_firefox1)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. (CVE-2011-2372) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-2995) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-2997) - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. (CVE-2011-3000) - Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. (CVE-2011-3001) - Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. (CVE-2011-3002) - Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. (CVE-2011-3003) - The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. (CVE-2011-3004) - Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. (CVE-2011-3005) - YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. (CVE-2011-3232) - Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. (CVE-2011-3648) - Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. (CVE-2011-3650) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-3651) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3652) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3654) - Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. (CVE-2011-3655)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-mozilla-firefox script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0cb812fe" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 3."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:firefox"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^firefox$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.0.3.0.4.0", sru:"SRU 3") > 0) flag++; if (flag) { set_kb_item(name:'www/0/XSS', value:TRUE); error_extra = 'Affected package : firefox\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_hole(port:0, extra:error_extra); else security_hole(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "firefox");
NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-254.NASL description Changes in xulrunner : - update to 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory Changes in MozillaFirefox : - update to Firefox 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory - recommend libcanberra0 for proper sound notifications Changes in MozillaThunderbird : - update to Thunderbird 12.0 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update Enigmail to 1.4.1 - added mozilla-revert_621446.patch - added mozilla-libnotify.patch (bmo#737646) - added mailnew-showalert.patch (bmo#739146) - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 - disabled crashreporter temporarily for Factory (gcc 4.7 issue) Changes in seamonkey : - update to SeaMonkey 2.9 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update to 2.9b4 - added mozilla-sle11.patch and add exceptions to be able to build for SLE11/11.1 - exclude broken gl locale from build - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 last seen 2020-06-05 modified 2014-06-13 plugin id 74612 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74612 title openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-SU-2012:0567-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-254. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74612); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-1187", "CVE-2011-2985", "CVE-2011-2986", "CVE-2011-2987", "CVE-2011-2988", "CVE-2011-2989", "CVE-2011-2991", "CVE-2011-2992", "CVE-2011-3005", "CVE-2011-3062", "CVE-2011-3232", "CVE-2011-3651", "CVE-2011-3652", "CVE-2011-3654", "CVE-2011-3655", "CVE-2011-3658", "CVE-2011-3660", "CVE-2011-3661", "CVE-2011-3663", "CVE-2012-0445", "CVE-2012-0446", "CVE-2012-0447", "CVE-2012-0451", "CVE-2012-0452", "CVE-2012-0459", "CVE-2012-0460", "CVE-2012-0467", "CVE-2012-0468", "CVE-2012-0469", "CVE-2012-0470", "CVE-2012-0471", "CVE-2012-0472", "CVE-2012-0473", "CVE-2012-0474", "CVE-2012-0475", "CVE-2012-0477", "CVE-2012-0478", "CVE-2012-0479"); script_name(english:"openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-SU-2012:0567-1)"); script_summary(english:"Check for the openSUSE-2012-254 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Changes in xulrunner : - update to 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory Changes in MozillaFirefox : - update to Firefox 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory - recommend libcanberra0 for proper sound notifications Changes in MozillaThunderbird : - update to Thunderbird 12.0 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update Enigmail to 1.4.1 - added mozilla-revert_621446.patch - added mozilla-libnotify.patch (bmo#737646) - added mailnew-showalert.patch (bmo#739146) - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 - disabled crashreporter temporarily for Factory (gcc 4.7 issue) Changes in seamonkey : - update to SeaMonkey 2.9 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update to 2.9b4 - added mozilla-sle11.patch and add exceptions to be able to build for SLE11/11.1 - exclude broken gl locale from build - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=712224" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=714931" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=720264" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=726758" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=728520" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=732898" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=733002" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=744275" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=746616" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=747328" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749440" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=750044" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=755060" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=758408" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-04/msg00066.html" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaFirefox / MozillaThunderbird / seamonkey / etc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-branding-upstream-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-buildsymbols-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debuginfo-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-debugsource-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-devel-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-common-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaFirefox-translations-other-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-12.0-33.20.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-buildsymbols-12.0-33.20.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debuginfo-12.0-33.20.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-debugsource-12.0-33.20.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-devel-12.0-33.20.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-common-12.0-33.20.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"MozillaThunderbird-translations-other-12.0-33.20.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"enigmail-1.4.1+12.0-33.20.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"enigmail-debuginfo-1.4.1+12.0-33.20.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"mozilla-js-debuginfo-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-2.9-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-debuginfo-2.9-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-debugsource-2.9-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-dom-inspector-2.9-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-irc-2.9-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-translations-common-2.9-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-translations-other-2.9-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"seamonkey-venkman-2.9-2.18.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-buildsymbols-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debuginfo-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-debugsource-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xulrunner-devel-debuginfo-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-32bit-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"mozilla-js-debuginfo-32bit-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-32bit-12.0-2.26.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xulrunner-debuginfo-32bit-12.0-2.26.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_4_SEAMONKEY-111130.NASL description SeaMonkey was upgraded to version 2.5 in order to fix the following security problems : dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper last seen 2020-06-01 modified 2020-06-02 plugin id 76024 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76024 title openSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update seamonkey-5487. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(76024); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-2372", "CVE-2011-2996", "CVE-2011-2998", "CVE-2011-2999", "CVE-2011-3000", "CVE-2011-3001", "CVE-2011-3640", "CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3649", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3652", "CVE-2011-3653", "CVE-2011-3654", "CVE-2011-3655"); script_name(english:"openSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1)"); script_summary(english:"Check for the seamonkey-5487 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "SeaMonkey was upgraded to version 2.5 in order to fix the following security problems : dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=728520" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-12/msg00000.html" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2011/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"seamonkey-2.5-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"seamonkey-debuginfo-2.5-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"seamonkey-debugsource-2.5-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"seamonkey-dom-inspector-2.5-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"seamonkey-irc-2.5-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"seamonkey-translations-common-2.5-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"seamonkey-translations-other-2.5-0.2.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"seamonkey-venkman-2.5-0.2.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-dom-inspector / seamonkey-irc / etc"); }
NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_8_0.NASL description The installed version of Firefox is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in last seen 2020-06-01 modified 2020-06-02 plugin id 56756 published 2011-11-09 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56756 title Firefox < 8.0 Multiple Vulnerabilities (Mac OS X) code # # (C) Tenable Network Security, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(56756); script_version("1.10"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id( "CVE-2011-3648", "CVE-2011-3650", "CVE-2011-3651", "CVE-2011-3652", "CVE-2011-3653", "CVE-2011-3654", "CVE-2011-3655" ); script_bugtraq_id( 50592, 50593, 50594, 50595, 50597, 50600, 50602 ); script_name(english:"Firefox < 8.0 Multiple Vulnerabilities (Mac OS X)"); script_summary(english:"Checks version of Firefox"); script_set_attribute(attribute:"synopsis", value: "The remote Mac OS X host contains a web browser that is potentially affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Firefox is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in 'Shift-JIS' encoding, which can allow cross-site scripting attacks. (CVE-2011-3648) - Profiling JavaScript files with many functions can cause the application to crash. It may be possible to trigger this behavior even when the debugging APIs are not being used. (CVE-2011-3650) - Multiple memory safety issues exist. (CVE-2011-3651) - An unchecked memory allocation failure can cause the application to crash. (CVE-2011-3652) - An issue with WebGL graphics and GPU drivers can allow cross-origin image theft. (CVE-2011-3653) - An error exists related to SVG 'mpath' linking to a non-SVG element, which can result in potentially exploitable application crashes. (CVE-2011-3654) - An error in internal privilege checking can allow web content to obtain elevated privileges. (CVE-2011-3655)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-47/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-49/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-51/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-52/"); script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 8.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2011/11/08"); script_set_attribute(attribute:"patch_publication_date", value:"2011/11/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("macosx_firefox_installed.nasl"); script_require_keys("MacOSX/Firefox/Installed"); exit(0); } include("mozilla_version.inc"); kb_base = "MacOSX/Firefox"; get_kb_item_or_exit(kb_base+"/Installed"); version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1); path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1); mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'8.0', skippat:'^3\\.6\\.', severity:SECURITY_HOLE, xss:TRUE);
NASL family Windows NASL id MOZILLA_THUNDERBIRD_80.NASL description The installed version of Thunderbird is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in last seen 2020-06-01 modified 2020-06-02 plugin id 56753 published 2011-11-09 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56753 title Mozilla Thunderbird < 8.0 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2011-34.NASL description SeaMonkey was updated to version 2.5 to fix several security issues : - MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS - MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards - MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug - MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper last seen 2020-06-01 modified 2020-06-02 plugin id 74522 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74522 title openSUSE Security Update : seamonkey (openSUSE-2011-34) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLA-NSS-7842.NASL description This update to version 3.13.1 of mozilla-nss fixes the following issues : - Explicitly distrust DigiCert Sdn. Bhd (bmo#698753) - Better SHA-224 support (bmo#647706) - Fix a regression (causing hangs in some situations) introduced in 3.13 (bmo#693228) - SSL 2.0 is disabled by default - A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) has been enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. - Support SHA-224 - Add PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code - Add NSS_GetVersion to return the NSS version string - Add experimental support of RSA-PSS to the softoken only - NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052) last seen 2020-06-01 modified 2020-06-02 plugin id 57226 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57226 title SuSE 10 Security Update : mozilla-nss (ZYPP Patch Number 7842) (BEAST) NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_8_0.NASL description The installed version of Thunderbird 7.x is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in last seen 2020-06-01 modified 2020-06-02 plugin id 56758 published 2011-11-09 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56758 title Thunderbird 7.x Multiple Vulnerabilities (Mac OS X) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1277-1.NASL description Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648) Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. (CVE-2011-3650) Jason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey discovered multiple memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Firefox or possibly crash the browser resulting in a denial of service. (CVE-2011-3651) It was discovered that Firefox could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3652) Aki Helin discovered that Firefox does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Firefox, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3654) It was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Firefox 4. An attacker could possibly use this to gain elevated privileges within the browser for web content. (CVE-2011-3655). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56944 published 2011-11-26 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56944 title Ubuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1277-1) NASL family Windows NASL id MOZILLA_FIREFOX_80.NASL description The installed version of Firefox is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in last seen 2020-06-01 modified 2020-06-02 plugin id 56751 published 2011-11-09 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56751 title Firefox < 8.0 Multiple Vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1282-1.NASL description Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648) Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash Thunderbird, resulting in a denial of service. (CVE-2011-3650) Jason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey discovered multiple memory safety bugs in the browser engine used in Thunderbird and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Thunderbird or possibly crash Thunderbird resulting in a denial of service. (CVE-2011-3651) It was discovered that Thunderbird could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-3652) Aki Helin discovered that Thunderbird does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Thunderbird, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-3654) It was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Thunderbird 5. An attacker could possibly use this to gain elevated privileges within Thunderbird for web content. (CVE-2011-3655). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56969 published 2011-11-29 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56969 title Ubuntu 11.10 : thunderbird vulnerabilities (USN-1282-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2011-9.NASL description Mozilla Firefox and Thunderbird were updated to version 8.0 which fixes several security vulnerabilities : - MFSA 2011-52 - Code execution via NoWaiverWrapper (CVE-2011-3655) - MFSA 2011-51 - Cross-origin image theft on Mac with integrated Intel GPU (CVE-2011-3653) - MFSA 2011-50 - Cross-origin data theft using canvas and Windows D2D (CVE-2011-3649) - MFSA 2011-49 - Memory corruption while profiling using Firebug (CVE-2011-3650) - MFSA 2011-48 - Miscellaneous memory safety hazards (rv:8.0) (CVE-2011-3651, CVE-2011-3652, CVE-2011-3654) - MFSA 2011-47 - Potential XSS against sites using Shift-JIS (CVE-2011-3648) last seen 2020-06-01 modified 2020-06-02 plugin id 74542 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74542 title openSUSE Security Update : firefox / thunderbird (openSUSE-2011-9) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-111114.NASL description Mozilla Firefox has been updated to version 1.9.2.24 (bnc#728520) to fix the following security issues : - (bmo#680880) loadSubScript unwraps XPCNativeWrapper scope parameter. (MFSA 2011-46 / CVE-2011-3647) - (bmo#690225) Potential XSS against sites using Shift-JIS. (MFSA 2011-47 / CVE-2011-3648) - (bmo#674776) Memory corruption while profiling using Firebug. (MFSA 2011-49 / CVE-2011-3650) last seen 2020-06-01 modified 2020-06-02 plugin id 57084 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57084 title SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5429) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_3_SEAMONKEY-111130.NASL description SeaMonkey was upgraded to version 2.5 in order to fix the following security problems : - MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS - MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards - MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug - MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper last seen 2020-06-01 modified 2020-06-02 plugin id 75743 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75743 title openSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6C8AD3E80A3011E195804061862B8C22.NASL description The Mozilla Project reports : MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch) MFSA 2011-47 Potential XSS against sites using Shift-JIS MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0) MFSA 2011-49 Memory corruption while profiling using Firebug MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU MFSA 2011-52 Code execution via NoWaiverWrapper last seen 2020-06-01 modified 2020-06-02 plugin id 56762 published 2011-11-10 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56762 title FreeBSD : mozilla -- multiple vulnerabilities (6c8ad3e8-0a30-11e1-9580-4061862b8c22) NASL family SuSE Local Security Checks NASL id SUSE_11_4_MOZILLAFIREFOX-111110.NASL description MozillaFirefox was updated to version 8 (bnc#728520) to fix the following security issues : dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper - rebased patches last seen 2020-06-01 modified 2020-06-02 plugin id 75949 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75949 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1243-1)
Oval
accepted | 2014-10-06T04:01:27.730-04:00 | ||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||
description | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:14364 | ||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||
submitted | 2011-11-25T18:27:17.000-05:00 | ||||||||||||||||||||||||||||||||||||||||
title | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||||||||||||||||||||||||||||||||||||||
version | 32 |
References
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
- http://secunia.com/advisories/49055
- http://www.mozilla.org/security/announce/2011/mfsa2011-48.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=646968
- https://bugzilla.mozilla.org/show_bug.cgi?id=652054
- https://bugzilla.mozilla.org/show_bug.cgi?id=665070
- https://bugzilla.mozilla.org/show_bug.cgi?id=671160
- https://bugzilla.mozilla.org/show_bug.cgi?id=672892
- https://bugzilla.mozilla.org/show_bug.cgi?id=675515
- https://bugzilla.mozilla.org/show_bug.cgi?id=676918
- https://bugzilla.mozilla.org/show_bug.cgi?id=677847
- https://bugzilla.mozilla.org/show_bug.cgi?id=679593
- https://bugzilla.mozilla.org/show_bug.cgi?id=686044
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14364