Vulnerabilities > CVE-2012-0454 - Resource Management Errors vulnerability in Mozilla products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mozilla
microsoft
CWE-399
nessus

Summary

Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.

Vulnerable Configurations

Part Description Count
Application
Mozilla
140
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-032.NASL
    descriptionSecurity issues were identified and fixed in mozilla firefox and thunderbird : Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. This crash may be potentially exploitable (CVE-2012-0454). Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting (XSS) attacks on themselves. Security researcher Soroush Dalili reported a way to bypass this protection (CVE-2012-0455). Security researcher Atte Kettunen from OUSPG found two issues with Firefox
    last seen2020-06-01
    modified2020-06-02
    plugin id58771
    published2012-04-18
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58771
    titleMandriva Linux Security Advisory : mozilla (MDVSA-2012:032-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2012:032. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58771);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      script_cve_id("CVE-2012-0451", "CVE-2012-0454", "CVE-2012-0455", "CVE-2012-0456", "CVE-2012-0457", "CVE-2012-0458", "CVE-2012-0459", "CVE-2012-0460", "CVE-2012-0461", "CVE-2012-0462", "CVE-2012-0464");
      script_bugtraq_id(52455, 52456, 52457, 52458, 52459, 52460, 52461, 52463, 52464, 52465, 52467);
      script_xref(name:"MDVSA", value:"2012:032-1");
    
      script_name(english:"Mandriva Linux Security Advisory : mozilla (MDVSA-2012:032-1)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security issues were identified and fixed in mozilla firefox and
    thunderbird :
    
    Security researchers Blair Strang and Scott Bell of Security
    Assessment found that when a parent window spawns and closes a child
    window that uses the file open dialog, a crash can be induced in
    shlwapi.dll on 32-bit Windows 7 systems. This crash may be potentially
    exploitable (CVE-2012-0454).
    
    Firefox prevents the dropping of javascript: links onto a frame to
    prevent malicious sites from tricking users into performing a
    cross-site scripting (XSS) attacks on themselves. Security researcher
    Soroush Dalili reported a way to bypass this protection
    (CVE-2012-0455).
    
    Security researcher Atte Kettunen from OUSPG found two issues with
    Firefox's handling of SVG using the Address Sanitizer tool. The first
    issue, critically rated, is a use-after-free in SVG animation that
    could potentially lead to arbitrary code execution. The second issue
    is rated moderate and is an out of bounds read in SVG Filters. This
    could potentially incorporate data from the user's memory, making it
    accessible to the page content (CVE-2012-0457, CVE-2012-0456).
    
    Security Researcher Mike Brooks of Sitewatch reported that if multiple
    Content Security Policy (CSP) headers are present on a page, they have
    an additive effect page policy. Using carriage return line feed (CRLF)
    injection, a new CSP rule can be introduced which allows for
    cross-site scripting (XSS) on sites with a separate header injection
    vulnerability (CVE-2012-0451).
    
    Security researcher Mariusz Mlynski reported that an attacker able to
    convince a potential victim to set a new home page by dragging a link
    to the home button can set that user's home page to a javascript: URL.
    Once this is done the attacker's page can cause repeated crashes of
    the browser, eventually getting the script URL loaded in the
    privileged about:sessionrestore context (CVE-2012-0458).
    
    Mozilla community member Daniel Glazman of Disruptive Innovations
    reported a crash when accessing a keyframe's cssText after dynamic
    modification. This crash may be potentially exploitable
    (CVE-2012-0459).
    
    Mozilla developer Matt Brubeck reported that window.fullScreen is
    writeable by untrusted content now that the DOM fullscreen API is
    enabled. Because window.fullScreen does not include
    mozRequestFullscreen's security protections, it could be used for UI
    spoofing. This code change makes window.fullScreen read only by
    untrusted content, forcing the use of the DOM fullscreen API in normal
    usage (CVE-2012-0460).
    
    Mozilla developers identified and fixed several memory safety bugs in
    the browser engine used in Firefox and other Mozilla-based products.
    Some of these bugs showed evidence of memory corruption under certain
    circumstances, and we presume that with enough effort at least some of
    these could be exploited to run arbitrary code (CVE-2012-0461,
    CVE-2012-0462, CVE-2012-0464).
    
    The mozilla firefox and thunderbird packages has been upgraded to the
    latest respective versions which is unaffected by these security
    flaws.
    
    Additionally the NSS and NSPR packages has been upgraded to the latest
    versions. The OpenJDK java plugin (icedtea-web) has been upgraded to
    the 1.1.5 version whish bas better support for firefox 10.x+.
    
    Update :
    
    Updated packages for 2010.2 is being provided, despite the Mandriva
    products lifetime policy dictates otherwise."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-12/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-15/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-17/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-18/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-af");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ast");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-be");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-bg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-bn_BD");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-bn_IN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-br");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-bs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-cy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-da");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-en_GB");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-en_ZA");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-eo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-es_AR");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-es_CL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-es_ES");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-es_MX");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-eu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-fy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ga_IE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-gl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-gu_IN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-he");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-hy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-id");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-is");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-kk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-kn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ku");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-lg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-lt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-lv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-mai");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-mk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-mr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nb_NO");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nn_NO");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-nso");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-or");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pa_IN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pt_BR");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-pt_PT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-si");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-sv_SE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-ta_LK");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-te");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-th");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-uk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-vi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-zh_CN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-zh_TW");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:firefox-zu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:icedtea-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:icedtea-web-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xulrunner-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xulrunner10.0.3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxulrunner-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxulrunner10.0.3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-be");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-bn_BD");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-br");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-da");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-en_GB");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-vi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_AR");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-es_ES");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-eu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-fy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ga");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-gl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-he");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-id");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-is");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lightning");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-lt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nb_NO");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-nn_NO");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_BR");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-pt_PT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-si");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-sv_SE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-ta_LK");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-uk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-vi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_CN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-zh_TW");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nsinstall");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xulrunner");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-af-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ar-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ast-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-be-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-bg-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-bn_BD-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-bn_IN-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-br-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-bs-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ca-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-cs-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-cy-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-da-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-de-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-devel-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-el-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-en_GB-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-en_ZA-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-eo-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-es_AR-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-es_CL-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-es_ES-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-es_MX-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-et-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-eu-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-fa-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-fi-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-fr-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-fy-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ga_IE-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-gd-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-gl-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-gu_IN-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-he-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-hi-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-hr-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-hu-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-hy-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-id-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-is-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-it-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ja-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-kk-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-kn-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ko-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ku-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-lg-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-lt-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-lv-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-mai-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-mk-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ml-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-mr-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-nb_NO-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-nl-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-nn_NO-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-nso-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-or-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-pa_IN-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-pl-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-pt_BR-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-pt_PT-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ro-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ru-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-si-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-sk-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-sl-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-sq-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-sr-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-sv_SE-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ta-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-ta_LK-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-te-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-th-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-tr-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-uk-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-vi-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-zh_CN-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-zh_TW-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"firefox-zu-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"icedtea-web-1.1.5-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"icedtea-web-javadoc-1.1.5-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64nspr-devel-4.9.0-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64nspr4-4.9.0-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64nss-devel-3.13.4-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64nss-static-devel-3.13.4-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64nss3-3.13.4-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64xulrunner-devel-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64xulrunner10.0.3-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libnspr-devel-4.9.0-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libnspr4-4.9.0-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libnss-devel-3.13.4-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libnss-static-devel-3.13.4-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libnss3-3.13.4-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libxulrunner-devel-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libxulrunner10.0.3-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ar-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-be-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-bg-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-bn_BD-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-br-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ca-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-cs-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-da-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-de-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-el-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-en_GB-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ar-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ca-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-cs-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-de-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-el-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-es-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-fi-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-fr-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-it-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ja-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ko-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-nb-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-nl-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pl-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pt-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-pt_BR-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-ru-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-sl-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-sv-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-tr-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-vi-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-zh_CN-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-enigmail-zh_TW-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-es_AR-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-es_ES-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-et-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-eu-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fi-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fr-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-fy-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ga-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-gd-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-gl-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-he-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-hu-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-id-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-is-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-it-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ja-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ko-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-lightning-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-lt-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nb_NO-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nl-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-nn_NO-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pl-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pt_BR-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-pt_PT-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ro-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ru-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-si-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sk-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sl-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sq-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-sv_SE-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-ta_LK-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-tr-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-uk-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-vi-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-zh_CN-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"mozilla-thunderbird-zh_TW-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"nsinstall-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"nss-3.13.4-0.1mdv2010.2", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.1", reference:"xulrunner-10.0.3-0.1mdv2010.2", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_1003.NASL
    descriptionThe installed version of Firefox 10.0.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451). - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58348
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58348
    titleFirefox 10.0.x < 10.0.3 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58348);
      script_version("1.10");
      script_cvs_date("Date: 2018/07/16 14:09:14");
    
      script_cve_id(
        "CVE-2012-0451",
        "CVE-2012-0454",
        "CVE-2012-0455",
        "CVE-2012-0456",
        "CVE-2012-0457",
        "CVE-2012-0458",
        "CVE-2012-0459",
        "CVE-2012-0460",
        "CVE-2012-0461",
        "CVE-2012-0462",
        "CVE-2012-0463",
        "CVE-2012-0464"
      );
      script_bugtraq_id(
        52455,
        52456,
        52457,
        52458,
        52459,
        52460,
        52461,
        52463,
        52464,
        52465,
        52466,
        52467
      );
    
      script_name(english:"Firefox 10.0.x < 10.0.3 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The installed version of Firefox 10.0.x is potentially affected by 
    the following security issues :
      
      - Multiple memory corruption issues. By tricking a user 
        into visiting a specially crafted page, these issues may
        allow an attacker to execute arbitrary code in the 
        context of the affected application. (CVE-2012-0454, 
        CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, 
        CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
    
      - An HTTP Header security bypass vulnerability exists that 
        can be leveraged by attackers to bypass certain security 
        restrictions and conduct cross-site scripting attacks. 
        (CVE-2012-0451).
    
      - A security bypass vulnerability exists that can be 
        exploited by an attacker if the victim can be tricked 
        into setting a new home page by dragging a specially 
        crafted link to the 'home' button URL, which will set 
        the user's home page to a 'javascript:' URL. 
        (CVE-2012-0458) 
    
      - An information disclosure vulnerability exists due to an 
        out-of-bounds read in SVG filters. (CVE-2012-0456)
    
      - A cross-site scripting vulnerability exists that can be 
        triggered by dragging and dropping 'javascript:' links 
        onto a frame. (CVE-2012-0455)
    
      - 'window.fullScreen' is writeable by untrusted content, 
        allowing attackers to perform UI spoofing attacks. 
        (CVE-2012-0460)"
      );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19/");
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to Firefox 10.0.3 ESR or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'10.0.3', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1003.NASL
    descriptionThe installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451). - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58350
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58350
    titleMozilla Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58350);
      script_version("1.10");
      script_cvs_date("Date: 2018/07/16 14:09:15");
    
      script_cve_id(
        "CVE-2012-0451",
        "CVE-2012-0454",
        "CVE-2012-0455",
        "CVE-2012-0456",
        "CVE-2012-0457",
        "CVE-2012-0458",
        "CVE-2012-0459",
        "CVE-2012-0460",
        "CVE-2012-0461",
        "CVE-2012-0462",
        "CVE-2012-0463",
        "CVE-2012-0464"
      );
      script_bugtraq_id(
        52455,
        52456,
        52457,
        52458,
        52459,
        52460,
        52461,
        52463,
        52464,
        52465,
        52466,
        52467
      );
    
      script_name(english:"Mozilla Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host contains a mail client that is potentially
    affected by several vulnerabilities.");
      script_set_attribute(
        attribute:"description",
        value:
    "The installed version of Thunderbird 10.0.x is potentially affected 
    by the following security issues :
      
      - Multiple memory corruption issues. By tricking a user 
        into visiting a specially crafted page, these issues may 
        allow an attacker to execute arbitrary code in the 
        context of the affected application. (CVE-2012-0454, 
        CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, 
        CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
    
      - An HTTP Header security bypass vulnerability exists that 
        can be leveraged by attackers to bypass certain security 
        restrictions and conduct cross-site scripting attacks. 
        (CVE-2012-0451).
    
      - A security bypass vulnerability exists that can be 
        exploited by an attacker if the victim can be tricked 
        into setting a new home page by dragging a specially 
        crafted link to the 'home' button URL, which will set 
        the user's home page to a 'javascript:' URL. 
        (CVE-2012-0458) 
    
      - An information disclosure vulnerability exists due to an 
        out-of-bounds read in SVG filters. (CVE-2012-0456)
    
      - A cross-site scripting vulnerability exists that can be 
        triggered by dragging and dropping 'javascript:' links 
        onto a frame. (CVE-2012-0455)
    
      - 'window.fullScreen' is writeable by untrusted content, 
        allowing attackers to perform UI spoofing attacks. 
        (CVE-2012-0460)"
      );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-12/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-15/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-17/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-18/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19/");
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to Thunderbird 10.0.3 ESR or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Thunderbird/Version");
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport");
    
    installs = get_kb_list("SMB/Mozilla/Thunderbird/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird");
    
    mozilla_check_version(installs:installs, product:'thunderbird', esr:TRUE, fix:'10.0.3', min:'10.0', severity:SECURITY_HOLE, xss:TRUE);
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_10_0_3.NASL
    descriptionThe installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451). - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58355
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58355
    titleThunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-120320.NASL
    descriptionMozilla Firefox was updated to 10.0.3 ESR to fix various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-19) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References : Bob Clary reported two bugs that causes crashes that affected Firefox 3.6, Firefox ESR, and Firefox 10. (CVE-2012-0461) Christian Holler, Jesse Ruderman, Nils, Michael Bebenita, Dindog, and David Anderson reported memory safety problems and crashes that affect Firefox ESR and Firefox 10. (CVE-2012-0462) Jeff Walden reported a memory safety problem in the array.join function. This bug was independently reported by Vincenzo Iozzo via TippingPoint
    last seen2020-06-05
    modified2012-03-29
    plugin id58524
    published2012-03-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58524
    titleSuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6007)
  • NASL familyWindows
    NASL idSEAMONKEY_28.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.8.0. Such versions are potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - An HTTP Header security bypass vulnerability that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451). - A security bypass vulnerability that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58352
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58352
    titleSeaMonkey < 2.8.0 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_10_0_3.NASL
    descriptionThe installed version of Firefox is earlier than 10.0.3 and thus, is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application. (CVE-2012-0454, CVE-2012-0457, CVE-2012-0459, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464) - An HTTP Header security bypass vulnerability exists that can be leveraged by attackers to bypass certain security restrictions and conduct cross-site scripting attacks. (CVE-2012-0451). - A security bypass vulnerability exists that can be exploited by an attacker if the victim can be tricked into setting a new home page by dragging a specially crafted link to the
    last seen2020-06-01
    modified2020-06-02
    plugin id58353
    published2012-03-15
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58353
    titleFirefox < 10.0.3 Multiple Vulnerabilities (Mac OS X)

Oval

accepted2014-10-06T04:01:23.205-04:00
classvulnerability
contributors
  • nameScott Quint
    organizationDTCC
  • nameScott Quint
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMicrosoft Windows 7 (32-bit) is installed
    ovaloval:org.mitre.oval:def:6165
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Firefox ESR is installed
    ovaloval:org.mitre.oval:def:22414
  • commentMozilla Thunderbird ESR is installed
    ovaloval:org.mitre.oval:def:22216
descriptionUse-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.
familywindows
idoval:org.mitre.oval:def:14258
statusaccepted
submitted2012-03-26T11:20:22.000-05:00
titleUse-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.
version54