Oval Definition:oval:org.mitre.oval:def:14055
Revision Date:2014-10-06Version:28
Title:The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.
Description:The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-2993
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis
  • Determine if the version of Mozilla Firefox is equal to 4.0
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is equal to 4.0
  • OR Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1
  • Mozilla Seamonkey is installed
  • AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1
  • AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1
  • OR Determine if the version of Mozilla Firefox is equal to 5.0
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is equal to 5.0
    • BACK