CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.7%
The remote host is missing an update for the
# Copyright (C) 2011 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.850166");
script_version("2022-07-05T11:37:00+0000");
script_tag(name:"last_modification", value:"2022-07-05 11:37:00 +0000 (Tue, 05 Jul 2022)");
script_tag(name:"creation_date", value:"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_xref(name:"SUSE-SA", value:"2011-022");
script_cve_id("CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0068", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0079", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202");
script_name("SUSE: Security Advisory for MozillaFirefox, seamonkey, MozillaThunderbird (SUSE-SA:2011:022)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'MozillaFirefox, seamonkey, MozillaThunderbird'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(openSUSE11\.2|openSUSE11\.3)");
script_tag(name:"impact", value:"remote code execution, remote denial of service");
script_tag(name:"affected", value:"MozillaFirefox, seamonkey, MozillaThunderbird on openSUSE 11.2, openSUSE 11.3");
script_tag(name:"insight", value:"The Mozilla suite of browsers received security updates.
The following updates are included in this update:
Mozilla Firefox was updated on SUSE Linux Enterprise 10 and 11 to the 3.6.17 security release.
Mozilla Firefox was updated on openSUSE 11.4 to the 4.0.1 security release.
Mozilla Thunderbird was updated on openSUSE to the 3.1.10 security release.
Mozilla Seamonkey was updated on openSUSE to the 2.0.14 security release.
Mozilla XULRunner 1.9.1 was updated to 1.9.1.19.
Mozilla XULRunner 1.9.2 was updated to 1.9.2.17.
The following security issues were fixed:
MFSA 2011-12:
Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these could be exploited to
run arbitrary code.
Mozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, Nils,
Scoobidiver, and Ted Mielczarek reported memory safety issues which affected
Firefox 4. CVE-2011-0079
Mozilla developer Scoobidiver reported a memory safety issue which affected
Firefox 4 and Firefox 3.6 CVE-2011-0081
The web development team of Alcidion reported a crash that affected Firefox 4,
Firefox 3.6 and Firefox 3.5. CVE-2011-0069
Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.
CVE-2011-0070
Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and
Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and
Firefox 3.5. CVE-2011-0080
Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox
3.5. CVE-2011-0075
Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox
3.5. CVE-2011-0078
Martin Barbella reported a memory safety issue which affected Firefox 3.6 and
Firefox 3.5. CVE-2011-0072
CVE-2011-0073:
Security researcher regenrecht reported several dangling pointer
vulnerabilities via TippingPoint's Zero Day Initiative.
Firefox 4 was not affected by these issues.
CVE-2011-0067:
Security researcher Paul Stone reported that a Java applet could be used to
mimic interaction with form autocomplete controls and steal entries from the
form history.
Firefox 4 was not affected by this issue.
CVE-2011-0076: David Remahl of Apple Product Security reported
that the Java Embedding Plugin (JEP) shipped with the Mac OS X version ...
Description truncated, please see the referenced URL(s) for more information.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSE11.2") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~3.6.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-branding-upstream", rpm:"MozillaFirefox-branding-upstream~3.6.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~3.6.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-other", rpm:"MozillaFirefox-translations-other~3.6.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~3.1.10~0.9.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-devel", rpm:"MozillaThunderbird-devel~3.1.10~0.9.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~3.1.10~0.9.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~3.1.10~0.9.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"enigmail", rpm:"enigmail~1.1.2~9.9.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-js192", rpm:"mozilla-js192~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191", rpm:"mozilla-xulrunner191~1.9.1.19~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-devel", rpm:"mozilla-xulrunner191-devel~1.9.1.19~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-gnomevfs", rpm:"mozilla-xulrunner191-gnomevfs~1.9.1.19~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-translations-common", rpm:"mozilla-xulrunner191-translations-common~1.9.1.19~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-translations-other", rpm:"mozilla-xulrunner191-translations-other~1.9.1.19~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192", rpm:"mozilla-xulrunner192~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-buildsymbols", rpm:"mozilla-xulrunner192-buildsymbols~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-devel", rpm:"mozilla-xulrunner192-devel~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome", rpm:"mozilla-xulrunner192-gnome~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common", rpm:"mozilla-xulrunner192-translations-common~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other", rpm:"mozilla-xulrunner192-translations-other~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-xpcom191", rpm:"python-xpcom191~1.9.1.19~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~2.0.14~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~2.0.14~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-irc", rpm:"seamonkey-irc~2.0.14~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-venkman", rpm:"seamonkey-venkman~2.0.14~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-js192-32bit", rpm:"mozilla-js192-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-32bit", rpm:"mozilla-xulrunner191-32bit~1.9.1.19~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-gnomevfs-32bit", rpm:"mozilla-xulrunner191-gnomevfs-32bit~1.9.1.19~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-32bit", rpm:"mozilla-xulrunner192-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome-32bit", rpm:"mozilla-xulrunner192-gnome-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common-32bit", rpm:"mozilla-xulrunner192-translations-common-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other-32bit", rpm:"mozilla-xulrunner192-translations-other-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "openSUSE11.3") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~3.6.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-branding-upstream", rpm:"MozillaFirefox-branding-upstream~3.6.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~3.6.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-other", rpm:"MozillaFirefox-translations-other~3.6.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~3.1.10~0.9.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-devel", rpm:"MozillaThunderbird-devel~3.1.10~0.9.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~3.1.10~0.9.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~3.1.10~0.9.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"enigmail", rpm:"enigmail~1.1.2~9.9.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-js192", rpm:"mozilla-js192~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191", rpm:"mozilla-xulrunner191~1.9.1.19~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-devel", rpm:"mozilla-xulrunner191-devel~1.9.1.19~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-gnomevfs", rpm:"mozilla-xulrunner191-gnomevfs~1.9.1.19~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-translations-common", rpm:"mozilla-xulrunner191-translations-common~1.9.1.19~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-translations-other", rpm:"mozilla-xulrunner191-translations-other~1.9.1.19~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192", rpm:"mozilla-xulrunner192~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-buildsymbols", rpm:"mozilla-xulrunner192-buildsymbols~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-devel", rpm:"mozilla-xulrunner192-devel~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome", rpm:"mozilla-xulrunner192-gnome~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common", rpm:"mozilla-xulrunner192-translations-common~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other", rpm:"mozilla-xulrunner192-translations-other~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-xpcom191", rpm:"python-xpcom191~1.9.1.19~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~2.0.14~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~2.0.14~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-irc", rpm:"seamonkey-irc~2.0.14~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-translations-common", rpm:"seamonkey-translations-common~2.0.14~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-translations-other", rpm:"seamonkey-translations-other~2.0.14~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"seamonkey-venkman", rpm:"seamonkey-venkman~2.0.14~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-js192-32bit", rpm:"mozilla-js192-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-32bit", rpm:"mozilla-xulrunner191-32bit~1.9.1.19~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner191-gnomevfs-32bit", rpm:"mozilla-xulrunner191-gnomevfs-32bit~1.9.1.19~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-32bit", rpm:"mozilla-xulrunner192-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome-32bit", rpm:"mozilla-xulrunner192-gnome-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common-32bit", rpm:"mozilla-xulrunner192-translations-common-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other-32bit", rpm:"mozilla-xulrunner192-translations-other-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);