Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2801

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2801
Last Modified 26 Nov 2012 10:47:54
Published 07 Jul 2008 07:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2801

Summary

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

Vulnerable Systems

Application

  • Mozilla Firefox 2.0

  • Mozilla Firefox 2.0.0.1

  • Mozilla Firefox 2.0.0.10

  • Mozilla Firefox 2.0.0.11

  • Mozilla Firefox 2.0.0.12

  • Mozilla Firefox 2.0.0.13

  • Mozilla Firefox 2.0.0.14

  • Mozilla Firefox 2.0.0.2

  • Mozilla Firefox 2.0.0.3

  • Mozilla Firefox 2.0.0.4

  • Mozilla Firefox 2.0.0.5

  • Mozilla Firefox 2.0.0.6

  • Mozilla Firefox 2.0.0.7

  • Mozilla Firefox 2.0.0.8

  • Mozilla Firefox 2.0.0.9

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.2

  • Mozilla Seamonkey 1.1.3

  • Mozilla Seamonkey 1.1.4

  • Mozilla Seamonkey 1.1.5

  • Mozilla Seamonkey 1.1.6

  • Mozilla Seamonkey 1.1.7

  • Mozilla Seamonkey 1.1.8

  • Mozilla Seamonkey 1.1.9


References

FEDORA - FEDORA-2008-6196

FEDORA - FEDORA-2008-6193

FEDORA - FEDORA-2008-6127

CONFIRM - https://issues.rpath.com/browse/RPL-2646

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=424426

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=424188

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=418996

VUPEN - ADV-2009-0977

VUPEN - ADV-2008-1993

UBUNTU - USN-619-1

SECTRACK - 1020419

BID - 30038

BUGTRAQ - 20080708 rPSA-2008-0216-1 firefox

REDHAT - RHSA-2008:0569

REDHAT - RHSA-2008:0549

REDHAT - RHSA-2008:0547

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-23.html

CONFIRM - http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15

MANDRIVA - MDVSA-2008:136

DEBIAN - DSA-1697

DEBIAN - DSA-1615

DEBIAN - DSA-1607

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0216

SUNALERT - 256408

SLACKWARE - SSA:2008-191

SLACKWARE - SSA:2008-191-03

GENTOO - GLSA-200808-03

SECUNIA - 34501

SECUNIA - 33433

SECUNIA - 31377

SECUNIA - 31195

SECUNIA - 31183

SECUNIA - 31069

SECUNIA - 31023

SECUNIA - 31021

SECUNIA - 31008

SECUNIA - 31005

SECUNIA - 30949

SECUNIA - 30911

SECUNIA - 30903

SECUNIA - 30898

SECUNIA - 30878

REDHAT - RHSA-2008:0616

SUSE - SUSE-SA:2008:034

SECUNIA - 31076


Last Updated: 27 May 2016 10:49:51