Oval Definition:	oval:org.mitre.oval:def:23481
Revision Date: 2014-05-26 Version: 52 Title: ELSA-2013:0982: thunderbird security update (Important) Description: The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 ELSA-2013:0982-00 Platform(s): Oracle Linux 5 Oracle Linux 6 Product(s): thunderbird Definition Synopsis rpm test thunderbird is earlier than 0:17.0.7-1.el6_4 AND Oracle Linux 6.x OR rpm test Oracle Linux 5.x AND thunderbird is earlier than 0:17.0.7-1.el5_9
BACK