Oval Definition:	oval:org.mitre.oval:def:12114
Revision Date: 2014-10-06 Version: 32 Title: Mozilla Multiple Products SafeJSObjectWrapper XPCSafeJSObjectWrapper Class Same Origin Policy Bypass Crafted Function XSS Description: The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2010-2763 Platform(s): Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Product(s): Mozilla Firefox Mozilla SeaMonkey Mozilla Thunderbird Definition Synopsis Check for vulnerable Firefox Mozilla Firefox Mainline release is installed AND Check for vulnerable version Mozilla Firefox Mainline version is 3.5.x before 3.5.12 OR Check for vulnerable SeaMonkey Mozilla Seamonkey is installed AND Mozilla Seamonkey version less than 2.0.7 OR Check for vulnerable Thunderbird Mozilla Thunderbird Mainline release is installed AND Mozilla Thunderbird 3.0.x before 3.0.7
BACK