Oval Definition:	oval:org.mitre.oval:def:23822
Revision Date: 2014-05-26 Version: 53 Title: ELSA-2013:0981: firefox security update (Critical) Description: The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 ELSA-2013:0981-00 Platform(s): Oracle Linux 5 Oracle Linux 6 Product(s): firefox xulrunner Definition Synopsis rpm test Oracle Linux 6.x AND rpm test xulrunner-devel is earlier than 0:17.0.7-1.el6_4 OR xulrunner is earlier than 0:17.0.7-1.el6_4 OR firefox is earlier than 0:17.0.7-1.el6_4 OR rpm test Oracle Linux 5.x AND rpm test xulrunner-devel is earlier than 0:17.0.7-1.el5_9 OR xulrunner is earlier than 0:17.0.7-1.el5_9 OR firefox is earlier than 0:17.0.7-1.el5_9
BACK