CVE-2008-2801 Information

Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

Reference

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
http://rhn.redhat.com/errata/RHSA-2008-0616.html
http://secunia.com/advisories/30878
http://secunia.com/advisories/30898
http://secunia.com/advisories/30903
http://secunia.com/advisories/30911
http://secunia.com/advisories/30949
http://secunia.com/advisories/31005
http://secunia.com/advisories/31008
http://secunia.com/advisories/31021
http://secunia.com/advisories/31023
http://secunia.com/advisories/31069
http://secunia.com/advisories/31076
http://secunia.com/advisories/31183
http://secunia.com/advisories/31195
http://secunia.com/advisories/31377
http://secunia.com/advisories/33433
http://secunia.com/advisories/34501
http://security.gentoo.org/glsa/glsa-200808-03.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://wiki.rpath.com/Advisories:rPSA-2008-0216
http://www.debian.org/security/2008/dsa-1607
http://www.debian.org/security/2008/dsa-1615
http://www.debian.org/security/2009/dsa-1697
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
http://www.redhat.com/support/errata/RHSA-2008-0547.html
http://www.redhat.com/support/errata/RHSA-2008-0549.html
http://www.redhat.com/support/errata/RHSA-2008-0569.html
http://www.securityfocus.com/archive/1/494080/100/0/threaded
http://www.securityfocus.com/bid/30038
http://www.securitytracker.com/id?1020419
http://www.ubuntu.com/usn/usn-619-1
http://www.vupen.com/english/advisories/2008/1993/references
http://www.vupen.com/english/advisories/2009/0977
https://bugzilla.mozilla.org/show_bug.cgi?id=418996
https://bugzilla.mozilla.org/show_bug.cgi?id=424188
https://bugzilla.mozilla.org/show_bug.cgi?id=424426
https://issues.rpath.com/browse/RPL-2646
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
