Oval Definition:oval:org.mitre.oval:def:7743
Revision Date:2014-10-06Version:31
Title:Mozilla Firefox/Thunderbird/SeaMonkey Multiple Cross Domain Scripting Vulnerabilities
Description:Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-0171
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Synopsis
  • Check for vulnerable Firefox mainline
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is less than 3.0.18
  • OR Mozilla Firefox Mainline version is 3.5.x to 3.5.8
  • OR Mozilla Firefox Mainline version is 3.6.x to 3.6.1
  • OR Check for vulnerable SeaMonkey
  • Mozilla Seamonkey is installed
  • AND Mozilla Seamonkey version is less than 2.0.3
  • OR Check for vulnerable Thunderbird Mainline
  • Mozilla Thunderbird Mainline release is installed
  • AND Mozilla Thunderbird version less than 3.0.2
  • BACK