Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20090723_SEAMONKEY_ON_SL4_X.NASLHistoryAug 01, 2012 - 12:00 a.m.
Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64 (fwd)
2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.903 High
EPSS
Percentile
98.8%
CVE-2009-2462 Mozilla Browser engine crashes CVE-2009-2463 Mozilla Base64 decoding crash CVE-2009-2466 Mozilla JavaScript engine crashes
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey.
SRPM
seamonkey-1.0.9-45.el4_8.src.rpm
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(60620);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2466");
script_name(english:"Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64 (fwd)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"CVE-2009-2462 Mozilla Browser engine crashes CVE-2009-2463 Mozilla
Base64 decoding crash CVE-2009-2466 Mozilla JavaScript engine crashes
Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause SeaMonkey to crash
or, potentially, execute arbitrary code as the user running SeaMonkey.
SRPM
seamonkey-1.0.9-45.el4_8.src.rpm"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=1400
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?39efe381"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_cwe_id(189, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL4", reference:"seamonkey-1.0.9-45.el4_8")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-chat-1.0.9-45.el4_8")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-devel-1.0.9-45.el4_8")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-dom-inspector-1.0.9-45.el4_8")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-js-debugger-1.0.9-45.el4_8")) flag++;
if (rpm_check(release:"SL4", reference:"seamonkey-mail-1.0.9-45.el4_8")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
Related
nessus
nessus
Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64 (fwd)
2012-11-05 00:00:00
Scientific Linux Security Update : seamonkey on SL3.0.9 i386/x86_64
2012-08-01 00:00:00
CentOS 3 : seamonkey (CESA-2009:1163)
2009-07-23 00:00:00
openvas
openvas
CentOS Security Advisory CESA-2009:1163 (seamonkey)
2009-07-29 00:00:00
CentOS Update for seamonkey CESA-2009:1163 centos3 i386
2011-08-09 00:00:00
RedHat Security Advisory RHSA-2009:1163
2009-07-29 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2009-07-22 00:00:00
firefox security update
2009-07-22 00:00:00
thunderbird security update
2010-03-17 00:00:00
redhat
redhat
(RHSA-2009:1163) Critical: seamonkey security update
2009-07-21 00:00:00
(RHSA-2009:1162) Critical: firefox security update
2009-07-21 00:00:00
(RHSA-2010:0153) Moderate: thunderbird security update
2010-03-17 00:00:00
centos
centos
seamonkey security update
2009-07-22 22:37:56
firefox, xulrunner security update
2009-07-28 12:22:37
thunderbird security update
2010-03-26 20:37:29
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-34
2009-07-22 00:00:00
Multiple Mozilla Firefox security vulnerabilities
2009-07-22 00:00:00
Mozilla Foundation Security Advisory 2010-07
2010-04-06 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.9.1/1.9.0.12) — Mozilla
2009-07-21 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2009-07-22 00:00:00
Thunderbird vulnerabilities
2010-03-18 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: galeon-2.0.7-12.fc10
2009-07-23 19:14:52
[SECURITY] Fedora 10 Update: ruby-gnome2-0.19.0-3.fc10.1
2009-07-23 19:14:52
[SECURITY] Fedora 10 Update: kazehakase-0.5.6-4.fc10.4
2009-07-23 19:14:52
osv
osv
xulrunner - several vulnerabilities
2009-07-23 00:00:00
nspr - several vulnerabilities
2009-11-08 00:00:00
icedove - several vulnerabilities
2010-03-31 00:00:00
debian
debian
[SECURITY] [DSA 1840-1] New xulrunner packages fix several vulnerabilities
2009-07-23 10:30:34
[Backports-security-announce] Security Update for nsrp
2010-07-21 08:26:53
[SECURITY] [DSA 1931-1] New NSPR packages fix several vulnerabilities
2009-11-08 10:07:37
cve
cve
cvelist
cvelist
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:36:27
Denial Of Service (DoS)
2020-04-10 00:36:31
Denial Of Service (DoS)
2020-04-10 00:36:28
checkpoint_advisories
checkpoint_advisories
prion
prion
Memory corruption
2009-07-22 18:30:00
Memory corruption
2009-07-22 18:30:00
Integer overflow
2009-07-22 18:30:00
nvd
nvd
ubuntucve
ubuntucve
debiancve
debiancve
CVE-2009-2463
2009-07-22 18:30:00
suse
suse
remote code execution in MozillaFirefox
2009-07-27 13:06:57
remote code execution in MozillaFirefox
2009-08-06 11:30:16
seebug
seebug
Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability
2010-03-19 00:00:00
Mozilla Firefox MFSA存在多个安全漏洞
2009-07-24 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-03-16 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.903 High
EPSS
Percentile
98.8%
Related for SL_20090723_SEAMONKEY_ON_SL4_X.NASL