oval:org.mitre.oval:def:8711
Definition Id: oval:org.mitre.oval:def:8711 | |||
Oval ID: | oval:org.mitre.oval:def:8711 | ||
Title: | Mozilla Firefox Image Preloading Content-Policy Check Security Bypass Vulnerability | ||
Description: | The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0168 | Version: | 12 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22259 | |||
Oval ID: | oval:org.mitre.oval:def:22259 | ||
Title: | Mozilla Firefox Mainline release is installed | ||
Description: | The browser installed on the system is Mozilla Firefox Mainline release | ||
Family: | windows | Class: | inventory |
Reference(s): | cpe:/a:mozilla:firefox | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:8711 |