| Definition ID | Class | Title | Last Modified |
|---|
| oval:org.mitre.oval:def:9826 | V | Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | 2013-04-29 |
| oval:org.mitre.oval:def:10838 | V | Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. | 2013-04-29 |
| oval:org.mitre.oval:def:11462 | V | Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite. | 2013-04-29 |