Oval Definition:oval:org.mitre.oval:def:12192
Revision Date:2014-10-06Version:33
Title:Mozilla Multiple Products Document Selection Addition designMode Property XSS
Description:Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-2769
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Synopsis
  • Check for vulnerable Firefox
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is 3.5.x before 3.5.12
  • OR Mozilla Firefox Mainline version is 3.6.x before 3.6.9
  • OR Check for vulnerable SeaMonkey
  • Mozilla Seamonkey is installed
  • AND Mozilla Seamonkey version less than 2.0.7
  • OR Check for vulnerable Thunderbird
  • Mozilla Thunderbird Mainline release is installed
  • AND Thunderbird version is 3.1.x before 3.1.3 or 3.0.x before 3.0.7
  • Mozilla Thunderbird 3.1.x before 3.1.3
  • OR Mozilla Thunderbird 3.0.x before 3.0.7
    • BACK