CVE-2008-2801
Firefox < 2.0.0.14 and SeaMonkey < 1.1.9 - Remote Code Execution via JAR Archive JavaScript Injection
Title source: llmDescription
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
References (46)
Core References
Issue Tracking (x_refsource_confirm): https://bugzilla.mozilla.org/show_bug.cgi?id=418996
Issue Tracking (x_refsource_confirm): https://bugzilla.mozilla.org/show_bug.cgi?id=424188
Issue Tracking (x_refsource_confirm): https://bugzilla.mozilla.org/show_bug.cgi?id=424426
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2008-0549.html
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2009/dsa-1697
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/31021
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/30898
Third Party Advisory (x_refsource_confirm): http://wiki.rpath.com/Advisories:rPSA-2008-0216
Third Party Advisory, VDB Entry (vdb-entry, signature, x_refsource_oval): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810
Issue Tracking (x_refsource_confirm): https://issues.rpath.com/browse/RPL-2646
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/30949
Vendor Advisory (vendor-advisory, x_refsource_slackware): http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2009/0977
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/31069
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/31008
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/31377
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2008-0616.html
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2008/1993/references
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/31023
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/30038
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2008/dsa-1607
Third Party Advisory (vendor-advisory, x_refsource_gentoo): http://security.gentoo.org/glsa/glsa-200808-03.xml
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/31005
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/33433
Vendor Advisory (vendor-advisory, x_refsource_fedora): https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id?1020419
Various Sources (x_refsource_confirm): http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/31183
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/30903
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2008-0547.html
Vendor Advisory (vendor-advisory, x_refsource_fedora): https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
Vendor Advisory (vendor-advisory, x_refsource_sunalert): http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
Vendor Advisory (vendor-advisory, x_refsource_slackware): http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2008/dsa-1615
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/31195
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/31076
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/usn-619-1
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/30911
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2008-0569.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/30878
Various Sources (x_refsource_confirm): http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/494080/100/0/threaded
Vendor Advisory (vendor-advisory, x_refsource_fedora): https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/34501
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
Scores
EPSS: 0.0281
EPSS Percentile: 84.7%
Details
CWE: CWE-287
Status: published
Products (24)
mozilla/firefox 2.0
mozilla/firefox 2.0.0.1
mozilla/firefox 2.0.0.2
mozilla/firefox 2.0.0.3
mozilla/firefox 2.0.0.4
mozilla/firefox 2.0.0.5
mozilla/firefox 2.0.0.6
mozilla/firefox 2.0.0.7
mozilla/firefox 2.0.0.8
mozilla/firefox 2.0.0.9
... and 14 more
Published: Jul 07, 2008
Tracked Since: Feb 18, 2026