Oval Definition:	oval:org.mitre.oval:def:7618
Revision Date: 2014-10-06 Version: 34 Title: Mozilla Firefox/Thunderbird/SeaMonkey XMLDocument::load Function Access Restrictions Bypass Vulnerability Description: The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2010-0182 Platform(s): Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Product(s): Mozilla Firefox Mozilla SeaMonkey Mozilla Thunderbird Definition Synopsis Check for vulnerable Firefox mainline Mozilla Firefox Mainline release is installed AND Check for vulnerable version Mozilla Firefox Mainline version is 3.5.x before 3.5.9 OR Mozilla Firefox Mainline version is 3.6.x before 3.6.2 OR Check for vulnerable SeaMonkey Mozilla Seamonkey is installed AND Mozilla Seamonkey version less than 2.0.4 OR Check for vulnerable Thunderbird Mainline Mozilla Thunderbird Mainline release is installed AND Mozilla Thunderbird version less than 3.0.4
BACK