| Revision Date: | 2014-10-06 | Version: | 27 |
| Title: | Mozilla Thunderbird, Firefox and Seamonkey Cross Site Scripting Vulnerability |
| Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2009-1306
|
| Platform(s): | Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
| Product(s): | Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
|
| Definition Synopsis |
| Check Mozilla Thunderbird version Mozilla Thunderbird Mainline release is installed
AND Thunderbird version is less than or equal to 2.0.0.21
OR Check Mozilla Seamonkey version
Mozilla Seamonkey is installed
AND Seamonkey version is less than or equal to 1.1.16
OR Check Mozilla Firefox version
Mozilla Firefox Mainline release is installed
AND Firefox version is less than or equal to 3.0.8
|