Oval Definition:oval:org.mitre.oval:def:12120
Revision Date:2014-10-06Version:33
Title:Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 via crafted HTML document
Description:Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-3178
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis
  • Mozilla Firefox and version before 3.5.14 and 3.6.x before 3.6.11
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is before 3.5.14
  • OR Mozilla Firefox Mainline version is 3.6.x before 3.6.11
  • OR Mozilla Thunderbird and version before 3.0.9 and 3.1.x before 3.1.5
  • Mozilla Thunderbird Mainline release is installed
  • AND Thunderbird version is less than 3.0.9 or 3.1.x before 3.1.5
  • Check if Mozilla Thunderbird version is before 3.0.9
  • OR Check if Mozilla Thunderbird version is 3.1.x before 3.1.5
  • OR Mozilla Seamonkey and version less than 2.0.9
  • Mozilla Seamonkey is installed
  • AND Check if the version of Mozilla Seamonkey is less than 2.0.9
    • BACK