A commit message mentioning who did the PR (PR1884 by glugod-aurea)

repository/definitions/vulnerability/oval_org.cisecurity_def_8871.xml

@@ -0,0 +1,45 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:8871" version="1">
+  <metadata>
+    <title>When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server.</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 7</platform>
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Mozilla Firefox ESR</product>
+      <product>Mozilla Thunderbird</product>
+      <product>Mozilla Firefox</product>
+    </affected>
+    <reference ref_id="CVE-2021-24002" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002" source="CVE" />
+    <description>When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR &lt; 78.10, Thunderbird &lt; 78.10, and Firefox &lt; 88.</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2021-07-14T02:59:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="OR">
+    <criteria comment="Mozilla Firefox ESR release is installed + version" operator="AND">
+      <extend_definition comment="Mozilla Firefox ESR is installed" definition_ref="oval:org.mitre.oval:def:22414" />
+      <criterion comment="Check if Mozilla Firefox ESR version is less than 78.10" test_ref="oval:org.cisecurity:tst:20289" />
+    </criteria>
+    <criteria comment="Mozilla Thunderbird Mainline release is installed + version" operator="AND">
+      <extend_definition comment="Mozilla Thunderbird Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22093" />
+      <criterion comment="Check if Mozilla Thunderbird Mainline version less than 78.10" test_ref="oval:org.cisecurity:tst:20292" />
+    </criteria>
+    <criteria comment="Mozilla Firefox Mainline release is installed + version" operator="AND">
+      <extend_definition comment="Mozilla Firefox Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22259" />
+      <criterion comment="Check if Mozilla Firefox Mainline version less than 88.0" test_ref="oval:org.cisecurity:tst:20280" />
+    </criteria>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_org.cisecurity_def_8872.xml

@@ -0,0 +1,33 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:8872" version="1">
+  <metadata>
+    <title>Firefox used to cache the last filename used for printing a file.</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 7</platform>
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Mozilla Firefox</product>
+    </affected>
+    <reference ref_id="CVE-2021-29960" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29960" source="CVE" />
+    <description>Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox &lt; 89.</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2021-07-14T02:59:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria comment="Mozilla Firefox Mainline release is installed + version" operator="AND">
+    <extend_definition comment="Mozilla Firefox Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22259" />
+    <criterion comment="Check if Mozilla Firefox Mainline version less than 89.0" test_ref="oval:org.cisecurity:tst:20296" />
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_org.cisecurity_def_8873.xml

@@ -0,0 +1,33 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:8873" version="1">
+  <metadata>
+    <title>When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt.</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 7</platform>
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Mozilla Firefox</product>
+    </affected>
+    <reference ref_id="CVE-2021-29959" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29959" source="CVE" />
+    <description>When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox &lt; 89.</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2021-07-14T02:59:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria comment="Mozilla Firefox Mainline release is installed + version" operator="AND">
+    <extend_definition comment="Mozilla Firefox Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22259" />
+    <criterion comment="Check if Mozilla Firefox Mainline version less than 89.0" test_ref="oval:org.cisecurity:tst:20285" />
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_org.cisecurity_def_8874.xml

@@ -0,0 +1,45 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:8874" version="1">
+  <metadata>
+    <title>Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page.</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 7</platform>
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Mozilla Firefox ESR</product>
+      <product>Mozilla Thunderbird</product>
+      <product>Mozilla Firefox</product>
+    </affected>
+    <reference ref_id="CVE-2021-23998" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998" source="CVE" />
+    <description>Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR &lt; 78.10, Thunderbird &lt; 78.10, and Firefox &lt; 88.</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2021-07-14T02:59:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="OR">
+    <criteria comment="Mozilla Firefox ESR release is installed + version" operator="AND">
+      <extend_definition comment="Mozilla Firefox ESR is installed" definition_ref="oval:org.mitre.oval:def:22414" />
+      <criterion comment="Check if Mozilla Firefox ESR version is less than 78.10" test_ref="oval:org.cisecurity:tst:20284" />
+    </criteria>
+    <criteria comment="Mozilla Thunderbird Mainline release is installed + version" operator="AND">
+      <extend_definition comment="Mozilla Thunderbird Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22093" />
+      <criterion comment="Check if Mozilla Thunderbird Mainline version less than 78.10" test_ref="oval:org.cisecurity:tst:20272" />
+    </criteria>
+    <criteria comment="Mozilla Firefox Mainline release is installed + version" operator="AND">
+      <extend_definition comment="Mozilla Firefox Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22259" />
+      <criterion comment="Check if Mozilla Firefox Mainline version less than 88.0" test_ref="oval:org.cisecurity:tst:20278" />
+    </criteria>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_org.cisecurity_def_8875.xml

@@ -0,0 +1,33 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:8875" version="1">
+  <metadata>
+    <title>A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab.</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 7</platform>
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Mozilla Firefox</product>
+    </affected>
+    <reference ref_id="CVE-2021-24000" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24000" source="CVE" />
+    <description>A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as &amp;lt;input type="file"&amp;gt;) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox &lt; 88.</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2021-07-14T02:59:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria comment="Mozilla Firefox Mainline release is installed + version" operator="AND">
+    <extend_definition comment="Mozilla Firefox Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22259" />
+    <criterion comment="Check if Mozilla Firefox Mainline version less than 88.0" test_ref="oval:org.cisecurity:tst:20290" />
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_org.cisecurity_def_8876.xml

@@ -0,0 +1,45 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:8876" version="1">
+  <metadata>
+    <title>Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header.</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 7</platform>
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Mozilla Firefox ESR</product>
+      <product>Mozilla Thunderbird</product>
+      <product>Mozilla Firefox</product>
+    </affected>
+    <reference ref_id="CVE-2021-29946" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946" source="CVE" />
+    <description>Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR &lt; 78.10, Thunderbird &lt; 78.10, and Firefox &lt; 88.</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2021-07-14T02:59:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="OR">
+    <criteria comment="Mozilla Firefox ESR release is installed + version" operator="AND">
+      <extend_definition comment="Mozilla Firefox ESR is installed" definition_ref="oval:org.mitre.oval:def:22414" />
+      <criterion comment="Check if Mozilla Firefox ESR version is less than 78.10" test_ref="oval:org.cisecurity:tst:20287" />
+    </criteria>
+    <criteria comment="Mozilla Thunderbird Mainline release is installed + version" operator="AND">
+      <extend_definition comment="Mozilla Thunderbird Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22093" />
+      <criterion comment="Check if Mozilla Thunderbird Mainline version less than 78.10" test_ref="oval:org.cisecurity:tst:20270" />
+    </criteria>
+    <criteria comment="Mozilla Firefox Mainline release is installed + version" operator="AND">
+      <extend_definition comment="Mozilla Firefox Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22259" />
+      <criterion comment="Check if Mozilla Firefox Mainline version less than 88.0" test_ref="oval:org.cisecurity:tst:20281" />
+    </criteria>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_org.cisecurity_def_8877.xml

@@ -0,0 +1,33 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:8877" version="1">
+  <metadata>
+    <title>Mozilla developers and community members reported memory safety bugs present in Firefox 87.</title>
+    <affected family="windows">
+      <platform>Microsoft Windows 7</platform>
+      <platform>Microsoft Windows 8</platform>
+      <platform>Microsoft Windows 8.1</platform>
+      <platform>Microsoft Windows 10</platform>
+      <platform>Microsoft Windows Server 2008</platform>
+      <platform>Microsoft Windows Server 2008 R2</platform>
+      <platform>Microsoft Windows Server 2012</platform>
+      <platform>Microsoft Windows Server 2012 R2</platform>
+      <platform>Microsoft Windows Server 2016</platform>
+      <platform>Microsoft Windows Server 2019</platform>
+      <product>Mozilla Firefox</product>
+    </affected>
+    <reference ref_id="CVE-2021-29947" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29947" source="CVE" />
+    <description>Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 88.</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2021-07-14T02:59:00+00:00">
+          <contributor organization="GFI">Glenn Lugod</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria comment="Mozilla Firefox Mainline release is installed + version" operator="AND">
+    <extend_definition comment="Mozilla Firefox Mainline release is installed" definition_ref="oval:org.mitre.oval:def:22259" />
+    <criterion comment="Check if Mozilla Firefox Mainline version less than 88.0" test_ref="oval:org.cisecurity:tst:20288" />
+  </criteria>
+</definition>