Professional OVAL Repository

[Eng] [Rus] [Sign-In]

oval:org.mitre.oval:def:9972

Version

Class

vulnerability

ALTXid

1616

Language

English

Severity

NotAvailable

Title

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser.

Description

Family

unix

Platform

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2010-07-09T03:56:16-04:00 : submitted
  - SCAP.com, LLC Aharon Chernin
- 2010-07-28T14:24:01.426-04:00 : status_change DRAFT
- 2010-08-16T04:15:17.359-04:00 : status_change INTERIM
- 2010-09-06T04:16:26.170-04:00 : status_change ACCEPTED
- 2013-04-10T16:24:00.823-04:00 : modified EDITED oval:org.mitre.oval:def:9972 - Expanded the vulnerability checks for RHEL 3, 4, and 5 to cover CentOS 3, 4, 5 and Oracle Linux 4 and 5
  - G2, Inc. Dragos Prisaca
- 2013-04-10T16:30:24.332-04:00 : status_change INTERIM
- 2013-04-29T04:23:47.293-04:00 : status_change ACCEPTED

Reference

CVE: CVE-2008-0592

Criteria

Expand All

Collapse All

AND

OS Section: RHEL3, CentOS3

OR	RHEL3 or CentOS3

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11782) The operating system installed on the system is Red Hat Enterprise Linux 3

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:16651) CentOS Linux 3.x

OR	Configuration section

CRITERION seamonkey-nspr is earlier than 0:1.0.9-0.9.el3
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36256) version=1, comment=seamonkey-nspr is earlier than 0:1.0.9-0.9.el3, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13864)
    name seamonkey-nspr
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10198)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-0.9.el3

CRITERION

seamonkey-js-debugger is earlier than 0:1.0.9-0.9.el3

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36236) version=1, comment=seamonkey-js-debugger is earlier than 0:1.0.9-0.9.el3, check_existence=at_least_one_exists, check=at least one

rpminfo_object (ID = oval:org.mitre.oval:obj:14292)
name seamonkey-js-debugger
rpminfo_state (ID = oval:org.mitre.oval:ste:10198)
evr datatype=evr_string | operation=less than | value=0:1.0.9-0.9.el3

CRITERION seamonkey-nss-devel is earlier than 0:1.0.9-0.9.el3
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35996) version=1, comment=seamonkey-nss-devel is earlier than 0:1.0.9-0.9.el3, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14131)
    name seamonkey-nss-devel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10198)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-0.9.el3
CRITERION seamonkey is earlier than 0:1.0.9-0.9.el3
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36279) version=1, comment=seamonkey is earlier than 0:1.0.9-0.9.el3, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13938)
    name seamonkey
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10198)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-0.9.el3

CRITERION

seamonkey-nspr-devel is earlier than 0:1.0.9-0.9.el3

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36046) version=1, comment=seamonkey-nspr-devel is earlier than 0:1.0.9-0.9.el3, check_existence=at_least_one_exists, check=at least one

rpminfo_object (ID = oval:org.mitre.oval:obj:13838)
name seamonkey-nspr-devel
rpminfo_state (ID = oval:org.mitre.oval:ste:10198)
evr datatype=evr_string | operation=less than | value=0:1.0.9-0.9.el3

CRITERION seamonkey-mail is earlier than 0:1.0.9-0.9.el3
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36052) version=1, comment=seamonkey-mail is earlier than 0:1.0.9-0.9.el3, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13848)
    name seamonkey-mail
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10198)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-0.9.el3
CRITERION seamonkey-chat is earlier than 0:1.0.9-0.9.el3
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36034) version=1, comment=seamonkey-chat is earlier than 0:1.0.9-0.9.el3, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14525)
    name seamonkey-chat
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10198)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-0.9.el3
CRITERION seamonkey-devel is earlier than 0:1.0.9-0.9.el3
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36284) version=1, comment=seamonkey-devel is earlier than 0:1.0.9-0.9.el3, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13924)
    name seamonkey-devel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10198)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-0.9.el3

CRITERION

seamonkey-dom-inspector is earlier than 0:1.0.9-0.9.el3

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35748) version=1, comment=seamonkey-dom-inspector is earlier than 0:1.0.9-0.9.el3, check_existence=at_least_one_exists, check=at least one

rpminfo_object (ID = oval:org.mitre.oval:obj:13953)
name seamonkey-dom-inspector
rpminfo_state (ID = oval:org.mitre.oval:ste:10198)
evr datatype=evr_string | operation=less than | value=0:1.0.9-0.9.el3

CRITERION seamonkey-nss is earlier than 0:1.0.9-0.9.el3
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35994) version=1, comment=seamonkey-nss is earlier than 0:1.0.9-0.9.el3, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14224)
    name seamonkey-nss
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10198)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-0.9.el3

AND

OS Section: RHEL4, CentOS4, Oracle Linux 4

OR	RHEL4, CentOS4 or Oracle Linux 4

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11831) The operating system installed on the system is Red Hat Enterprise Linux 4

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:16636) CentOS Linux 4.x
EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15990) Oracle Linux 4.x

OR	Configuration section

CRITERION seamonkey-nspr is earlier than 0:1.0.9-9.el4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36164) version=1, comment=seamonkey-nspr is earlier than 0:1.0.9-9.el4, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13864)
    name seamonkey-nspr
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10809)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-9.el4
CRITERION seamonkey-js-debugger is earlier than 0:1.0.9-9.el4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36050) version=1, comment=seamonkey-js-debugger is earlier than 0:1.0.9-9.el4, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14292)
    name seamonkey-js-debugger
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10809)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-9.el4
CRITERION thunderbird is earlier than 0:1.5.0.12-8.el4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36202) check=at least one, check_existence=at_least_one_exists, comment=thunderbird is earlier than 0:1.5.0.12-8.el4, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14449)
    name thunderbird
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10227)
    evr datatype=evr_string | operation=less than | value=0:1.5.0.12-8.el4
CRITERION seamonkey-nss-devel is earlier than 0:1.0.9-9.el4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36193) version=1, comment=seamonkey-nss-devel is earlier than 0:1.0.9-9.el4, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14131)
    name seamonkey-nss-devel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10809)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-9.el4
CRITERION seamonkey is earlier than 0:1.0.9-9.el4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36093) version=1, comment=seamonkey is earlier than 0:1.0.9-9.el4, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13938)
    name seamonkey
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10809)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-9.el4
CRITERION seamonkey-nspr-devel is earlier than 0:1.0.9-9.el4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36053) version=1, comment=seamonkey-nspr-devel is earlier than 0:1.0.9-9.el4, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13838)
    name seamonkey-nspr-devel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10809)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-9.el4
CRITERION firefox is earlier than 0:1.5.0.12-0.10.el4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35919) check=at least one, check_existence=at_least_one_exists, comment=firefox is earlier than 0:1.5.0.12-0.10.el4, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13805)
    name firefox
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10810)
    evr datatype=evr_string | operation=less than | value=0:1.5.0.12-0.10.el4
CRITERION seamonkey-mail is earlier than 0:1.0.9-9.el4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35600) version=1, comment=seamonkey-mail is earlier than 0:1.0.9-9.el4, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13848)
    name seamonkey-mail
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10809)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-9.el4
CRITERION seamonkey-chat is earlier than 0:1.0.9-9.el4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36141) version=1, comment=seamonkey-chat is earlier than 0:1.0.9-9.el4, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14525)
    name seamonkey-chat
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10809)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-9.el4
CRITERION seamonkey-nss is earlier than 0:1.0.9-9.el4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35397) version=1, comment=seamonkey-nss is earlier than 0:1.0.9-9.el4, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14224)
    name seamonkey-nss
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10809)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-9.el4
CRITERION seamonkey-devel is earlier than 0:1.0.9-9.el4
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35684) version=1, comment=seamonkey-devel is earlier than 0:1.0.9-9.el4, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13924)
    name seamonkey-devel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10809)
    evr datatype=evr_string | operation=less than | value=0:1.0.9-9.el4

CRITERION

seamonkey-dom-inspector is earlier than 0:1.0.9-9.el4

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36203) version=1, comment=seamonkey-dom-inspector is earlier than 0:1.0.9-9.el4, check_existence=at_least_one_exists, check=at least one

rpminfo_object (ID = oval:org.mitre.oval:obj:13953)
name seamonkey-dom-inspector
rpminfo_state (ID = oval:org.mitre.oval:ste:10809)
evr datatype=evr_string | operation=less than | value=0:1.0.9-9.el4

AND

OS Section: RHEL5, CentOS5, Oracle Linux 5

OR	RHEL5, CentOS5 or Oracle Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11414) The operating system installed on the system is Red Hat Enterprise Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15802) The operating system installed on the system is CentOS Linux 5.x

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15459) Oracle Linux 5.x

OR Configuration section
- CRITERION firefox-devel is earlier than 0:1.5.0.12-9.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36281) check=at least one, check_existence=at_least_one_exists, comment=firefox-devel is earlier than 0:1.5.0.12-9.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14876)
      name firefox-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10605)
      evr datatype=evr_string | operation=less than | value=0:1.5.0.12-9.el5
- CRITERION firefox is earlier than 0:1.5.0.12-9.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35480) check=at least one, check_existence=at_least_one_exists, comment=firefox is earlier than 0:1.5.0.12-9.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:13805)
      name firefox
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10605)
      evr datatype=evr_string | operation=less than | value=0:1.5.0.12-9.el5
- CRITERION thunderbird is earlier than 0:1.5.0.12-8.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35675) check=at least one, check_existence=at_least_one_exists, comment=thunderbird is earlier than 0:1.5.0.12-8.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14449)
      name thunderbird
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10659)
      evr datatype=evr_string | operation=less than | value=0:1.5.0.12-8.el5


	2008-2021, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	NONE
Availability impact:	PARTIAL