Check for the Version of MozillaFirefox,seamonkey,MozillaThunderbird
###############################################################################
# OpenVAS Vulnerability Test
#
# SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2011:022
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "The Mozilla suite of browsers received security updates.
Following updates are included in this update:
Mozilla Firefox was updated on SUSE Linux Enterprise 10 and 11 to the 3.6.17 security release.
Mozilla Firefox was updated on openSUSE 11.4 to the 4.0.1 security release.
Mozilla Thunderbird was updated on openSUSE to the 3.1.10 security release.
Mozilla Seamonkey was updated on openSUSE to the 2.0.14 security release.
Mozilla XULRunner 1.9.1 was updated to 1.9.1.19.
Mozilla XULRunner 1.9.2 was updated to 1.9.2.17.
Following security issues were fixed:
MFSA 2011-12:
Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these could be exploited to
run arbitrary code.
Mozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, Nils,
Scoobidiver, and Ted Mielczarek reported memory safety issues which affected
Firefox 4. CVE-2011-0079
Mozilla developer Scoobidiver reported a memory safety issue which affected
Firefox 4 and Firefox 3.6 CVE-2011-0081
The web development team of Alcidion reported a crash that affected Firefox 4,
Firefox 3.6 and Firefox 3.5. CVE-2011-0069
Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.
CVE-2011-0070
Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and
Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and
Firefox 3.5. CVE-2011-0080
Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox
3.5. CVE-2011-0075
Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox
3.5. CVE-2011-0078
Martin Barbella reported a memory safety issue which affected Firefox 3.6 and
Firefox 3.5. CVE-2011-0072
CVE-2011-0073:
Security researcher regenrecht reported several dangling pointer
vulnerabilities via TippingPoint's Zero Day Initiative.
Firefox 4 was not affected by these issues.
CVE-2011-0067:
Security researcher Paul Stone reported that a Java applet could be used to
mimic interaction with form autocomplete controls and steal entries from the
form history.
Firefox 4 was not affected by this issue.
CVE-2011-0076: David Remahl of Apple Product Security reported
that the Java Embedding Plugin (JEP) shipped with the Mac OS X version ...
Description truncated, for more information please check the Reference URL";
tag_solution = "Please Install the Updated Packages.";
tag_impact = "remote code execution, remote denial of service";
tag_affected = "MozillaFirefox,seamonkey,MozillaThunderbird on openSUSE 11.2, openSUSE 11.3";
if(description)
{
script_id(850166);
script_version("$Revision: 8041 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-08 08:28:21 +0100 (Fri, 08 Dec 2017) $");
script_tag(name:"creation_date", value:"2011-05-10 14:04:15 +0200 (Tue, 10 May 2011)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_xref(name: "SUSE-SA", value: "2011-022");
script_cve_id("CVE-2011-0065", "CVE-2011-0066", "CVE-2011-0067", "CVE-2011-0068", "CVE-2011-0069", "CVE-2011-0070", "CVE-2011-0071", "CVE-2011-0072", "CVE-2011-0073", "CVE-2011-0074", "CVE-2011-0075", "CVE-2011-0076", "CVE-2011-0077", "CVE-2011-0078", "CVE-2011-0079", "CVE-2011-0080", "CVE-2011-0081", "CVE-2011-1202");
script_name("SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2011:022");
script_summary("Check for the Version of MozillaFirefox,seamonkey,MozillaThunderbird");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "openSUSE11.2")
{
if ((res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~3.6.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-branding-upstream", rpm:"MozillaFirefox-branding-upstream~3.6.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~3.6.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-translations-other", rpm:"MozillaFirefox-translations-other~3.6.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~3.1.10~0.9.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaThunderbird-devel", rpm:"MozillaThunderbird-devel~3.1.10~0.9.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~3.1.10~0.9.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~3.1.10~0.9.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"enigmail", rpm:"enigmail~1.1.2~9.9.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-js192", rpm:"mozilla-js192~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191", rpm:"mozilla-xulrunner191~1.9.1.19~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-devel", rpm:"mozilla-xulrunner191-devel~1.9.1.19~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-gnomevfs", rpm:"mozilla-xulrunner191-gnomevfs~1.9.1.19~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-translations-common", rpm:"mozilla-xulrunner191-translations-common~1.9.1.19~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-translations-other", rpm:"mozilla-xulrunner191-translations-other~1.9.1.19~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192", rpm:"mozilla-xulrunner192~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-buildsymbols", rpm:"mozilla-xulrunner192-buildsymbols~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-devel", rpm:"mozilla-xulrunner192-devel~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome", rpm:"mozilla-xulrunner192-gnome~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common", rpm:"mozilla-xulrunner192-translations-common~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other", rpm:"mozilla-xulrunner192-translations-other~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"python-xpcom191", rpm:"python-xpcom191~1.9.1.19~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~2.0.14~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~2.0.14~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-irc", rpm:"seamonkey-irc~2.0.14~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-venkman", rpm:"seamonkey-venkman~2.0.14~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-js192-32bit", rpm:"mozilla-js192-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-32bit", rpm:"mozilla-xulrunner191-32bit~1.9.1.19~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-gnomevfs-32bit", rpm:"mozilla-xulrunner191-gnomevfs-32bit~1.9.1.19~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-32bit", rpm:"mozilla-xulrunner192-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome-32bit", rpm:"mozilla-xulrunner192-gnome-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common-32bit", rpm:"mozilla-xulrunner192-translations-common-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other-32bit", rpm:"mozilla-xulrunner192-translations-other-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "openSUSE11.3")
{
if ((res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~3.6.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-branding-upstream", rpm:"MozillaFirefox-branding-upstream~3.6.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~3.6.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-translations-other", rpm:"MozillaFirefox-translations-other~3.6.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~3.1.10~0.9.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaThunderbird-devel", rpm:"MozillaThunderbird-devel~3.1.10~0.9.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~3.1.10~0.9.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~3.1.10~0.9.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"enigmail", rpm:"enigmail~1.1.2~9.9.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-js192", rpm:"mozilla-js192~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191", rpm:"mozilla-xulrunner191~1.9.1.19~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-devel", rpm:"mozilla-xulrunner191-devel~1.9.1.19~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-gnomevfs", rpm:"mozilla-xulrunner191-gnomevfs~1.9.1.19~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-translations-common", rpm:"mozilla-xulrunner191-translations-common~1.9.1.19~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-translations-other", rpm:"mozilla-xulrunner191-translations-other~1.9.1.19~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192", rpm:"mozilla-xulrunner192~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-buildsymbols", rpm:"mozilla-xulrunner192-buildsymbols~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-devel", rpm:"mozilla-xulrunner192-devel~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome", rpm:"mozilla-xulrunner192-gnome~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common", rpm:"mozilla-xulrunner192-translations-common~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other", rpm:"mozilla-xulrunner192-translations-other~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"python-xpcom191", rpm:"python-xpcom191~1.9.1.19~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~2.0.14~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~2.0.14~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-irc", rpm:"seamonkey-irc~2.0.14~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-translations-common", rpm:"seamonkey-translations-common~2.0.14~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-translations-other", rpm:"seamonkey-translations-other~2.0.14~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"seamonkey-venkman", rpm:"seamonkey-venkman~2.0.14~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-js192-32bit", rpm:"mozilla-js192-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-32bit", rpm:"mozilla-xulrunner191-32bit~1.9.1.19~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner191-gnomevfs-32bit", rpm:"mozilla-xulrunner191-gnomevfs-32bit~1.9.1.19~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-32bit", rpm:"mozilla-xulrunner192-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome-32bit", rpm:"mozilla-xulrunner192-gnome-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common-32bit", rpm:"mozilla-xulrunner192-translations-common-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other-32bit", rpm:"mozilla-xulrunner192-translations-other-32bit~1.9.2.17~0.2.1", rls:"openSUSE11.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}