/
oval_org.cisecurity_def_9045.xml
47 lines (47 loc) · 3 KB
/
oval_org.cisecurity_def_9045.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:9045" version="3">
<metadata>
<title>A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash.</title>
<affected family="windows">
<platform>Microsoft Windows 7</platform>
<platform>Microsoft Windows 8</platform>
<platform>Microsoft Windows 8.1</platform>
<platform>Microsoft Windows 10</platform>
<platform>Microsoft Windows Server 2008</platform>
<platform>Microsoft Windows Server 2008 R2</platform>
<platform>Microsoft Windows Server 2012</platform>
<platform>Microsoft Windows Server 2012 R2</platform>
<platform>Microsoft Windows Server 2016</platform>
<platform>Microsoft Windows Server 2019</platform>
<product>Mozilla Thunderbird</product>
<product>Mozilla Firefox ESR</product>
<product>Mozilla Firefox</product>
</affected>
<reference ref_id="CVE-2021-29970" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970" source="CVE" />
<description>A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.</description>
<oval_repository>
<dates>
<submitted date="2021-11-01T07:50:00+00:00">
<contributor organization="GFI">Glenn Lugod</contributor>
</submitted>
<status_change date="2021-11-05T15:41:52.218Z">DRAFT</status_change>
<status_change date="2021-11-19T15:22:35.469Z">INTERIM</status_change>
</dates>
<status>INTERIM</status>
<min_schema_version>5.10</min_schema_version>
</oval_repository>
</metadata>
<criteria operator="OR">
<criteria comment="Mozilla Thunderbird Mainline release is installed + version" operator="AND">
<extend_definition comment="Mozilla Thunderbird Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22093" />
<criterion comment="Check if Mozilla Thunderbird Mainline version less than 78.12" test_ref="oval:org.cisecurity:tst:21289" />
</criteria>
<criteria comment="Mozilla Firefox ESR release is installed + version" operator="AND">
<extend_definition comment="Mozilla Firefox ESR is installed" definition_ref="oval:org.mitre.oval:def:22414" />
<criterion comment="Check if Mozilla Firefox ESR version is less than 78.12" test_ref="oval:org.cisecurity:tst:21284" />
</criteria>
<criteria comment="Mozilla Firefox Mainline release is installed + version" operator="AND">
<extend_definition comment="Mozilla Firefox Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22259" />
<criterion comment="Check if Mozilla Firefox Mainline version less than 90.0" test_ref="oval:org.cisecurity:tst:21270" />
</criteria>
</criteria>
</definition>