Oval Definition:oval:org.mitre.oval:def:14401
Revision Date:2014-10-06Version:27
Title:CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Description:CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-2605
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis
  • Determine if the version of Mozilla Firefox is less than or equal to 1.5 and is greater than or equal to 1.0
  • Mozilla Firefox Mainline release is installed
  • AND Mozilla Firefox Mainline version is less than or equal to 1.5
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is greater than or equal to 1.0
  • OR Determine if the version of Mozilla Thunderbird is less than or equal to 1.7.3 and is greater than or equal to 1.0
  • Mozilla Thunderbird Mainline release is installed
  • AND Determine if the version of Mozilla Thunderbird is less than or equal to 1.7.3
  • AND Determine if the version of Mozilla Thunderbird is greater than or equal to 1.0
  • OR Determine if the version of Mozilla Firefox is less than or equal to 3.6.17 and is greater than or equal to 3.0
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is less than or equal to 3.6.17
  • AND Mozilla Firefox Mainline version is greater than or equal to 3.0
  • OR Determine if the version of Mozilla Thunderbird is less than or equal to 3.1.10 and is greater than or equal to 3.0.1
  • Mozilla Thunderbird Mainline release is installed
  • AND Determine if the version of Mozilla Thunderbird is less than or equal to 3.1.10
  • AND Determine if the version of Mozilla Thunderbird is greater than or equal to 3.0.1
  • OR Determine if the version of Mozilla Firefox is equal to 4.0
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is equal to 4.0
  • OR Determine if the version of Mozilla Thunderbird is less than or equal to 0.9 and is greater than or equal to 0.1
  • Mozilla Thunderbird Mainline release is installed
  • AND Determine if the version of Mozilla Thunderbird is less than or equal to 0.9
  • AND Determine if the version of Mozilla Thunderbird is greater than or equal to 0.1
  • OR Determine if the version of Mozilla Thunderbird is less than or equal to 2.0.0.23 and is greater than or equal to 2.0.0.0
  • Mozilla Thunderbird Mainline release is installed
  • AND Determine if the version of Mozilla Thunderbird is less than or equal to 2.0.0.23
  • AND Determine if the version of Mozilla Thunderbird is greater than or equal to 2.0.0.0
  • OR Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 and is greater than or equal to 2.0.0.1
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is less than or equal to 2.0.0.20
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is greater than or equal to 2.0.0.1
    • BACK