CVE-2008-2801

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

CVSS v2.0 7.5

7.5^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References

Link	Resource
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
https://bugzilla.mozilla.org/show_bug.cgi?id=418996
https://bugzilla.mozilla.org/show_bug.cgi?id=424188
https://bugzilla.mozilla.org/show_bug.cgi?id=424426
http://www.ubuntu.com/usn/usn-619-1
http://www.securityfocus.com/bid/30038
http://secunia.com/advisories/30911	Vendor Advisory
http://secunia.com/advisories/30878
http://www.debian.org/security/2008/dsa-1615
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
http://secunia.com/advisories/31195
http://www.redhat.com/support/errata/RHSA-2008-0549.html
http://secunia.com/advisories/31023
http://secunia.com/advisories/30898
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
http://secunia.com/advisories/30949
http://secunia.com/advisories/30903
http://rhn.redhat.com/errata/RHSA-2008-0616.html
http://secunia.com/advisories/31005
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
http://secunia.com/advisories/31183
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
http://secunia.com/advisories/31008
https://issues.rpath.com/browse/RPL-2646
http://www.debian.org/security/2008/dsa-1607
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
http://www.securitytracker.com/id?1020419
http://secunia.com/advisories/31069
http://security.gentoo.org/glsa/glsa-200808-03.xml
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
http://www.redhat.com/support/errata/RHSA-2008-0569.html
http://www.redhat.com/support/errata/RHSA-2008-0547.html
http://secunia.com/advisories/31377
http://wiki.rpath.com/Advisories:rPSA-2008-0216
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
http://secunia.com/advisories/31021
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/33433
http://www.vupen.com/english/advisories/2009/0977
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.vupen.com/english/advisories/2008/1993/references
http://secunia.com/advisories/31076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810
http://www.securityfocus.com/archive/1/494080/100/0/threaded

Configurations

Configuration 1

cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2008-07-07 11:41

Updated : 2018-10-11 08:43

NVD link : CVE-2008-2801

Mitre link : CVE-2008-2801

Products Affected

No products.

CWE

CWE-287