/
oval_org.cisecurity_def_9024.xml
52 lines (52 loc) · 3.52 KB
/
oval_org.cisecurity_def_9024.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:9024" version="5">
<metadata>
<title>Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash.</title>
<affected family="windows">
<platform>Microsoft Windows 7</platform>
<platform>Microsoft Windows 8</platform>
<platform>Microsoft Windows 8.1</platform>
<platform>Microsoft Windows 10</platform>
<platform>Microsoft Windows Server 2008</platform>
<platform>Microsoft Windows Server 2008 R2</platform>
<platform>Microsoft Windows Server 2012</platform>
<platform>Microsoft Windows Server 2012 R2</platform>
<platform>Microsoft Windows Server 2016</platform>
<platform>Microsoft Windows Server 2019</platform>
<product>Mozilla Thunderbird</product>
<product>Mozilla Firefox ESR</product>
<product>Mozilla Firefox</product>
</affected>
<reference ref_id="CVE-2021-29988" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988" source="CVE" />
<description>Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.</description>
<oval_repository>
<dates>
<submitted date="2021-10-21T10:23:00+00:00">
<contributor organization="GFI">Glenn Lugod</contributor>
</submitted>
<status_change date="2021-10-29T12:31:48.791Z">DRAFT</status_change>
<status_change date="2021-11-12T12:59:56.686Z">INTERIM</status_change>
<status_change date="2021-11-26T16:05:05.810Z">ACCEPTED</status_change>
</dates>
<status>ACCEPTED</status>
<min_schema_version>5.10</min_schema_version>
</oval_repository>
</metadata>
<criteria operator="OR">
<criteria comment="Mozilla Thunderbird Mainline release is installed + version" operator="AND">
<extend_definition comment="Mozilla Thunderbird Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22093" />
<criterion comment="Check if Mozilla Thunderbird Mainline version less than 78.13" test_ref="oval:org.cisecurity:tst:21250" />
</criteria>
<criteria comment="Mozilla Thunderbird Mainline release is installed + version" operator="AND">
<extend_definition comment="Mozilla Thunderbird Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22093" />
<criterion comment="Check if Mozilla Thunderbird Mainline version less than 91.0" test_ref="oval:org.cisecurity:tst:21252" />
</criteria>
<criteria comment="Mozilla Firefox ESR release is installed + version" operator="AND">
<extend_definition comment="Mozilla Firefox ESR is installed" definition_ref="oval:org.mitre.oval:def:22414" />
<criterion comment="Check if Mozilla Firefox ESR version is less than 78.13" test_ref="oval:org.cisecurity:tst:21238" />
</criteria>
<criteria comment="Mozilla Firefox Mainline release is installed + version" operator="AND">
<extend_definition comment="Mozilla Firefox Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22259" />
<criterion comment="Check if Mozilla Firefox Mainline version less than 91.0" test_ref="oval:org.cisecurity:tst:21248" />
</criteria>
</criteria>
</definition>