Oval Definition:	oval:org.mitre.oval:def:6710
Revision Date: 2014-10-06 Version: 27 Title: Mozilla Thunderbird, Firefox and Seamonkey Cross Site Scripting Vulnerability Description: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-1306 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Product(s): Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird Definition Synopsis Check Mozilla Thunderbird version Mozilla Thunderbird Mainline release is installed AND Thunderbird version is less than or equal to 2.0.0.21 OR Check Mozilla Seamonkey version Mozilla Seamonkey is installed AND Seamonkey version is less than or equal to 1.1.16 OR Check Mozilla Firefox version Mozilla Firefox Mainline release is installed AND Firefox version is less than or equal to 3.0.8
BACK