CVE-2008-2801

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
References
Link Resource
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
https://bugzilla.mozilla.org/show_bug.cgi?id=418996
https://bugzilla.mozilla.org/show_bug.cgi?id=424188
https://bugzilla.mozilla.org/show_bug.cgi?id=424426
http://www.ubuntu.com/usn/usn-619-1
http://www.securityfocus.com/bid/30038
http://secunia.com/advisories/30911 Vendor Advisory
http://secunia.com/advisories/30878
http://www.debian.org/security/2008/dsa-1615
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
http://secunia.com/advisories/31195
http://www.redhat.com/support/errata/RHSA-2008-0549.html
http://secunia.com/advisories/31023
http://secunia.com/advisories/30898
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
http://secunia.com/advisories/30949
http://secunia.com/advisories/30903
http://rhn.redhat.com/errata/RHSA-2008-0616.html
http://secunia.com/advisories/31005
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
http://secunia.com/advisories/31183
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
http://secunia.com/advisories/31008
https://issues.rpath.com/browse/RPL-2646
http://www.debian.org/security/2008/dsa-1607
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
http://www.securitytracker.com/id?1020419
http://secunia.com/advisories/31069
http://security.gentoo.org/glsa/glsa-200808-03.xml
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
http://www.redhat.com/support/errata/RHSA-2008-0569.html
http://www.redhat.com/support/errata/RHSA-2008-0547.html
http://secunia.com/advisories/31377
http://wiki.rpath.com/Advisories:rPSA-2008-0216
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
http://secunia.com/advisories/31021
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/33433
http://www.vupen.com/english/advisories/2009/0977
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.vupen.com/english/advisories/2008/1993/references
http://secunia.com/advisories/31076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810
http://www.securityfocus.com/archive/1/494080/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

Information

Published : 2008-07-07 11:41

Updated : 2018-10-11 08:43


NVD link : CVE-2008-2801

Mitre link : CVE-2008-2801

Products Affected
No products.
CWE