The OVAL Repository5.102014-08-07T08:46:37.735-04:00Access ActiveX Control VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Access 2003Microsoft Access 2007The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Access 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Office Access 2007The application Microsoft Access 2007 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDThe PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows 2008 R2Microsoft Windows 8Microsoft Windows 2012Microsoft Windows 8.1Microsoft Windows 2012 R2Mozilla FirefoxThe PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.Evgeniy PavlovDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMINTERIMBuffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows 2008 R2Microsoft Windows 8Microsoft Windows 2012Microsoft Windows 8.1Microsoft Windows 2012 R2Mozilla FirefoxMozilla SeamonkeyBuffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.Evgeniy PavlovDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMINTERIMUse-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows 2008 R2Microsoft Windows 8Microsoft Windows 2012Microsoft Windows 8.1Microsoft Windows 2012 R2Mozilla FirefoxMozilla Firefox ESRMozilla ThunderbirdMozilla SeamonkeyUse-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.Evgeniy PavlovDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMINTERIMUse-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows 2008 R2Microsoft Windows 8Microsoft Windows 2012Microsoft Windows 8.1Microsoft Windows 2012 R2Mozilla FirefoxUse-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Evgeniy PavlovDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMINTERIMUse-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows 2008 R2Microsoft Windows 8Microsoft Windows 2012Microsoft Windows 8.1Microsoft Windows 2012 R2Mozilla FirefoxMozilla SeamonkeyUse-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.Evgeniy PavlovDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMINTERIMDEPRECATED: Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows 2008 R2Microsoft Windows 8Microsoft Windows 2012Microsoft Windows 8.1Microsoft Windows 2012 R2Mozilla FirefoxMozilla ThunderbirdMozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.Evgeniy PavlovDRAFTMaria MikhnoDEPRECATEDEvgeniy PavlovDEPRECATEDMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows 2008 R2Microsoft Windows 8Microsoft Windows 2012Microsoft Windows 8.1Microsoft Windows 2012 R2Mozilla FirefoxMozilla Firefox ESRMozilla ThunderbirdMozilla SeamonkeyMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Evgeniy PavlovDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMINTERIMUse-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows 2008 R2Microsoft Windows 8Microsoft Windows 2012Microsoft Windows 8.1Microsoft Windows 2012 R2Mozilla FirefoxMozilla Firefox ESRMozilla ThunderbirdMozilla SeamonkeyUse-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Evgeniy PavlovDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMINTERIMMozilla Seamonkey is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Mozilla SeaMonkeyThe installed browser on the system is Mozilla Seamonkey.Prabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDBhavya KINTERIMDragos PrisacaACCEPTEDMaria KedovskayaINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMozilla Firefox ESR is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Mozilla Firefox ESRThe browser installed on the system is Mozilla Firefox ESRMaria KedovskayaDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMEvgeniy PavlovINTERIMMozilla Thunderbird Mainline release is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Mozilla ThunderbirdThe installed e-mail and news client on the system is Mozilla Thunderbird Mainline releaseMaria KedovskayaDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDEvgeniy PavlovINTERIMINTERIMMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows 2008 R2Microsoft Windows 8Microsoft Windows 2012Microsoft Windows 8.1Microsoft Windows 2012 R2Mozilla FirefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Evgeniy PavlovDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMINTERIMMozilla Firefox Mainline release is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Mozilla FirefoxThe browser installed on the system is Mozilla Firefox Mainline releaseMaria KedovskayaDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMEvgeniy PavlovINTERIMMSACCESS.EXEHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Access\InstallRootPathAccwiz.dllMSACCESS.EXEHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Access\InstallRootPaththunderbird.exechannel-prefs.js^.*app\.update\.channel.*release.*$1firefox.exechannel-prefs.js^.*app\.update\.channel.*esr.*$1thunderbird.exechannel-prefs.js^.*app\.update\.channel.*esr.*$1HKEY_LOCAL_MACHINE^Software\\Mozilla\\Mozilla Thunderbird\\.*$Install directoryHKEY_LOCAL_MACHINE^SOFTWARE\\Mozilla\\SeaMonkey.+\\bin$PathToExefirefox.exechannel-prefs.js^.*app\.update\.channel.*release.*$1HKEY_LOCAL_MACHINE^Software\\Mozilla\\Mozilla Firefox\\.*$Install directory13.0.0.012.0.0.012.0.6535.500511.0.8325.011.0.8166.029.024.024.624.624.02.26.130.0\defaults\pref\defaults\pref