Oval Definition:oval:org.mitre.oval:def:18367
Revision Date:2014-10-06Version:30
Title:Local Java applets may read contents of local file system
Description:Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2013-1717
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla Firefox ESR
Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Thunderbird ESR
Definition Synopsis
  • Check for vulnerable Firefox
  • Mozilla Firefox Mainline release is installed
  • AND Mozilla Firefox Mainline version is less than 23.0
  • AND Mozilla Firefox Mainline version is greater than or equal to 19.0
  • OR Check for vulnerable Seamonkey
  • Mozilla Seamonkey is installed
  • AND Mozilla Seamonkey version less than 2.20
  • OR Check for vulnerable Thunderbird
  • Mozilla Thunderbird Mainline release is installed
  • AND Mozilla Thunderbird version less than 17.0.8
  • AND Mozilla Thunderbird is greater than or equal to 17.0
  • OR Check for vulnerable Mozilla Firefox ESR
  • Mozilla Firefox ESR is installed
  • AND Mozilla Firefox ESR version is less than 17.0.8 and greater than or equal to 17.x
  • OR Check for vulnerable Mozilla Thunderbird ESR
  • Mozilla Thunderbird ESR is installed
  • AND Mozilla Thunderbird ESR version is less than 17.0.8 and greater than or equal to 17.x
    • BACK