1. Home
  2. Vulnerabilities
  3. CVE-2008-2801

CVE-2008-2801

CVSS v2.0 7.5 (High)
75% Progress
EPSS 55.83 % (98th)
55.83% Progress
Affected Products 2
Advisories 6
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

Weaknesses
CWE-287
Improper Authentication
Related CVEs
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2008-07-07 23:41:00
(16 years ago)
Updated Date
2018-10-11 20:43:31
(6 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 2.0.0.14 and prior versions cpe:2.3:a:mozilla:firefox <= 2.0.0.14
  Mozilla Firefox 2.0 cpe:2.3:a:mozilla:firefox:2.0
  Mozilla Firefox 2.0.0.1 cpe:2.3:a:mozilla:firefox:2.0.0.1
  Mozilla Firefox 2.0.0.2 cpe:2.3:a:mozilla:firefox:2.0.0.2
  Mozilla Firefox 2.0.0.3 cpe:2.3:a:mozilla:firefox:2.0.0.3
  Mozilla Firefox 2.0.0.4 cpe:2.3:a:mozilla:firefox:2.0.0.4
  Mozilla Firefox 2.0.0.5 cpe:2.3:a:mozilla:firefox:2.0.0.5
  Mozilla Firefox 2.0.0.6 cpe:2.3:a:mozilla:firefox:2.0.0.6
  Mozilla Firefox 2.0.0.7 cpe:2.3:a:mozilla:firefox:2.0.0.7
  Mozilla Firefox 2.0.0.8 cpe:2.3:a:mozilla:firefox:2.0.0.8
  Mozilla Firefox 2.0.0.9 cpe:2.3:a:mozilla:firefox:2.0.0.9
  Mozilla Firefox 2.0.0.10 cpe:2.3:a:mozilla:firefox:2.0.0.10
  Mozilla Firefox 2.0.0.11 cpe:2.3:a:mozilla:firefox:2.0.0.11
  Mozilla Firefox 2.0.0.12 cpe:2.3:a:mozilla:firefox:2.0.0.12
  Mozilla Firefox 2.0.0.13 cpe:2.3:a:mozilla:firefox:2.0.0.13
  Mozilla Seamonkey 1.1.9 and prior versions cpe:2.3:a:mozilla:seamonkey <= 1.1.9
  Mozilla Seamonkey 1.1 cpe:2.3:a:mozilla:seamonkey:1.1
  Mozilla Seamonkey 1.1.2 cpe:2.3:a:mozilla:seamonkey:1.1.2
  Mozilla Seamonkey 1.1.3 cpe:2.3:a:mozilla:seamonkey:1.1.3
  Mozilla Seamonkey 1.1.4 cpe:2.3:a:mozilla:seamonkey:1.1.4
  Mozilla Seamonkey 1.1.5 cpe:2.3:a:mozilla:seamonkey:1.1.5
  Mozilla Seamonkey 1.1.6 cpe:2.3:a:mozilla:seamonkey:1.1.6
  Mozilla Seamonkey 1.1.7 cpe:2.3:a:mozilla:seamonkey:1.1.7
  Mozilla Seamonkey 1.1.8 cpe:2.3:a:mozilla:seamonkey:1.1.8