Oval Definition:	oval:org.mitre.oval:def:7008
Revision Date: 2014-10-06 Version: 27 Title: Mozilla Thunderbird, Firefox and Seamonkey arbitrary code execution Vulnerability Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-1307 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Product(s): Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird Definition Synopsis Check Mozilla Thunderbird version Mozilla Thunderbird Mainline release is installed AND Thunderbird version is less than or equal to 2.0.0.21 OR Check Mozilla Seamonkey version Mozilla Seamonkey is installed AND Seamonkey version is less than or equal to 1.1.16 OR Check Mozilla Firefox version Mozilla Firefox Mainline release is installed AND Firefox version is less than or equal to 3.0.8
BACK