/
oval_org.cisecurity_def_9034.xml
35 lines (35 loc) · 2.11 KB
/
oval_org.cisecurity_def_9034.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:9034" version="3">
<metadata>
<title>A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library.</title>
<affected family="windows">
<platform>Microsoft Windows 7</platform>
<platform>Microsoft Windows 8</platform>
<platform>Microsoft Windows 8.1</platform>
<platform>Microsoft Windows 10</platform>
<platform>Microsoft Windows Server 2008</platform>
<platform>Microsoft Windows Server 2008 R2</platform>
<platform>Microsoft Windows Server 2012</platform>
<platform>Microsoft Windows Server 2012 R2</platform>
<platform>Microsoft Windows Server 2016</platform>
<platform>Microsoft Windows Server 2019</platform>
<product>Mozilla Firefox</product>
</affected>
<reference ref_id="CVE-2021-29972" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29972" source="CVE" />
<description>A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90.</description>
<oval_repository>
<dates>
<submitted date="2021-11-01T06:10:00+00:00">
<contributor organization="GFI">Glenn Lugod</contributor>
</submitted>
<status_change date="2021-11-05T15:41:52.218Z">DRAFT</status_change>
<status_change date="2021-11-19T15:22:35.469Z">INTERIM</status_change>
</dates>
<status>INTERIM</status>
<min_schema_version>5.10</min_schema_version>
</oval_repository>
</metadata>
<criteria comment="Mozilla Firefox Mainline release is installed + version" operator="AND">
<extend_definition comment="Mozilla Firefox Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22259" />
<criterion comment="Check if Mozilla Firefox Mainline version less than 90.0" test_ref="oval:org.cisecurity:tst:21277" />
</criteria>
</definition>