CVE-2008-2801

Mozilla Firefox < 2.0.0.14 - Authentication Bypass

Title source: rule

Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

References (46)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2008-0616.html

[Third Party Advisory] http://secunia.com/advisories/30878

[Third Party Advisory] http://secunia.com/advisories/30898

[Third Party Advisory] http://secunia.com/advisories/30903

[Vendor Advisory] http://secunia.com/advisories/30911

[Third Party Advisory] http://secunia.com/advisories/30949

[Third Party Advisory] http://secunia.com/advisories/31005

[Vendor Advisory] http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152

[Vendor Advisory] http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:136

[Various Sources] http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15

[Various Sources] http://www.mozilla.org/security/announce/2008/mfsa2008-23.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0547.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0549.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0569.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/494080/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020419

[Vendor Advisory] http://www.ubuntu.com/usn/usn-619-1

... and 26 more

Scores

EPSS 0.0397

EPSS Percentile 88.2%

Classification

CWE

CWE-287

Status draft

Affected Products (24)

mozilla/firefox < 2.0.0.14

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

... and 9 more

Timeline

Published Jul 07, 2008

Tracked Since Feb 18, 2026