Professional OVAL Repository

[Eng] [Rus] [Sign-In]

oval:org.mitre.oval:def:9922

Version

Class

vulnerability

ALTXid

1670

Language

English

Severity

NotAvailable

Title

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582.

Description

Family

unix

Platform

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2010-07-09T03:56:16-04:00 : submitted
  - SCAP.com, LLC Aharon Chernin
- 2010-07-28T14:17:19.288-04:00 : status_change DRAFT
- 2010-08-16T04:14:58.214-04:00 : status_change INTERIM
- 2010-09-06T04:16:06.246-04:00 : status_change ACCEPTED
- 2013-04-10T17:36:00.135-04:00 : modified EDITED oval:org.mitre.oval:def:9922 - Expanded the vulnerability checks for RHEL 3, 4, and 5 to cover CentOS 3, 4, 5 and Oracle Linux 4 and 5
  - G2, Inc. Dragos Prisaca
- 2013-04-10T17:40:42.919-04:00 : status_change INTERIM
- 2013-04-29T04:23:20.787-04:00 : status_change ACCEPTED

Reference

CVE: CVE-2009-0356

Criteria

Expand All

Collapse All

AND

OS Section: RHEL4, CentOS4, Oracle Linux 4

OR	RHEL4, CentOS4 or Oracle Linux 4

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11831) The operating system installed on the system is Red Hat Enterprise Linux 4

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:16636) CentOS Linux 4.x
EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15990) Oracle Linux 4.x

OR Configuration section
- CRITERION nss-devel is earlier than 0:3.12.2.0-3.el4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:37923) check=at least one, check_existence=at_least_one_exists, comment=nss-devel is earlier than 0:3.12.2.0-3.el4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14656)
      name nss-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10988)
      evr datatype=evr_string | operation=less than | value=0:3.12.2.0-3.el4
- CRITERION firefox is earlier than 0:3.0.6-1.el4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:37823) check=at least one, check_existence=at_least_one_exists, comment=firefox is earlier than 0:3.0.6-1.el4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:13805)
      name firefox
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10173)
      evr datatype=evr_string | operation=less than | value=0:3.0.6-1.el4
- CRITERION nss is earlier than 0:3.12.2.0-3.el4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:38343) check=at least one, check_existence=at_least_one_exists, comment=nss is earlier than 0:3.12.2.0-3.el4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14917)
      name nss
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10988)
      evr datatype=evr_string | operation=less than | value=0:3.12.2.0-3.el4
- CRITERION nss-tools is earlier than 0:3.12.2.0-3.el4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:38172) check=at least one, check_existence=at_least_one_exists, comment=nss-tools is earlier than 0:3.12.2.0-3.el4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:15090)
      name nss-tools
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10988)
      evr datatype=evr_string | operation=less than | value=0:3.12.2.0-3.el4

AND

OS Section: RHEL5, CentOS5, Oracle Linux 5

OR	RHEL5, CentOS5 or Oracle Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11414) The operating system installed on the system is Red Hat Enterprise Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15802) The operating system installed on the system is CentOS Linux 5.x

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15459) Oracle Linux 5.x

OR	Configuration section

CRITERION nss-pkcs11-devel is earlier than 0:3.12.2.0-4.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:37933) check=at least one, check_existence=at_least_one_exists, comment=nss-pkcs11-devel is earlier than 0:3.12.2.0-4.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14171)
    name nss-pkcs11-devel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:11160)
    evr datatype=evr_string | operation=less than | value=0:3.12.2.0-4.el5
CRITERION xulrunner-devel is earlier than 0:1.9.0.6-1.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:37808) check=at least one, check_existence=at_least_one_exists, comment=xulrunner-devel is earlier than 0:1.9.0.6-1.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:15100)
    name xulrunner-devel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:11120)
    evr datatype=evr_string | operation=less than | value=0:1.9.0.6-1.el5
CRITERION nss is earlier than 0:3.12.2.0-4.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:37350) check=at least one, check_existence=at_least_one_exists, comment=nss is earlier than 0:3.12.2.0-4.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14917)
    name nss
  - rpminfo_state (ID = oval:org.mitre.oval:ste:11160)
    evr datatype=evr_string | operation=less than | value=0:3.12.2.0-4.el5
CRITERION xulrunner is earlier than 0:1.9.0.6-1.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:37835) check=at least one, check_existence=at_least_one_exists, comment=xulrunner is earlier than 0:1.9.0.6-1.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:15057)
    name xulrunner
  - rpminfo_state (ID = oval:org.mitre.oval:ste:11120)
    evr datatype=evr_string | operation=less than | value=0:1.9.0.6-1.el5

CRITERION

xulrunner-devel-unstable is earlier than 0:1.9.0.6-1.el5

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:37556) check=at least one, check_existence=at_least_one_exists, comment=xulrunner-devel-unstable is earlier than 0:1.9.0.6-1.el5, version=2

rpminfo_object (ID = oval:org.mitre.oval:obj:15048)
name xulrunner-devel-unstable
rpminfo_state (ID = oval:org.mitre.oval:ste:11120)
evr datatype=evr_string | operation=less than | value=0:1.9.0.6-1.el5

CRITERION firefox is earlier than 0:3.0.6-1.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:38272) check=at least one, check_existence=at_least_one_exists, comment=firefox is earlier than 0:3.0.6-1.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13805)
    name firefox
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10787)
    evr datatype=evr_string | operation=less than | value=0:3.0.6-1.el5
CRITERION nss-devel is earlier than 0:3.12.2.0-4.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:38040) check=at least one, check_existence=at_least_one_exists, comment=nss-devel is earlier than 0:3.12.2.0-4.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14656)
    name nss-devel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:11160)
    evr datatype=evr_string | operation=less than | value=0:3.12.2.0-4.el5
CRITERION nss-tools is earlier than 0:3.12.2.0-4.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:37867) check=at least one, check_existence=at_least_one_exists, comment=nss-tools is earlier than 0:3.12.2.0-4.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:15090)
    name nss-tools
  - rpminfo_state (ID = oval:org.mitre.oval:ste:11160)
    evr datatype=evr_string | operation=less than | value=0:3.12.2.0-4.el5


	2008-2021, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Access vector:	PARTIAL
Access complexity:	HIGH
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL