CVE Vulnerabilities

CVE-2008-2801

Improper Authentication

Published: Jul 07, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla 2.0 2.0
Firefox Mozilla 2.0.0.1 2.0.0.1
Firefox Mozilla 2.0.0.2 2.0.0.2
Firefox Mozilla 2.0.0.3 2.0.0.3
Firefox Mozilla 2.0.0.4 2.0.0.4
Firefox Mozilla 2.0.0.5 2.0.0.5
Firefox Mozilla 2.0.0.6 2.0.0.6
Firefox Mozilla 2.0.0.7 2.0.0.7
Firefox Mozilla 2.0.0.8 2.0.0.8
Firefox Mozilla 2.0.0.9 2.0.0.9
Firefox Mozilla 2.0.0.10 2.0.0.10
Firefox Mozilla 2.0.0.11 2.0.0.11
Firefox Mozilla 2.0.0.12 2.0.0.12
Firefox Mozilla 2.0.0.13 2.0.0.13
Firefox Mozilla * 2.0.0.14
Seamonkey Mozilla 1.1 1.1
Seamonkey Mozilla 1.1.2 1.1.2
Seamonkey Mozilla 1.1.3 1.1.3
Seamonkey Mozilla 1.1.4 1.1.4
Seamonkey Mozilla 1.1.5 1.1.5
Seamonkey Mozilla 1.1.6 1.1.6
Seamonkey Mozilla 1.1.7 1.1.7
Seamonkey Mozilla 1.1.8 1.1.8
Seamonkey Mozilla * 1.1.9
Red Hat Enterprise Linux 2.1 RedHat seamonkey-0:1.0.9-0.17.el2 *
Red Hat Enterprise Linux 3 RedHat seamonkey-0:1.0.9-0.20.el3 *
Red Hat Enterprise Linux 4 RedHat seamonkey-0:1.0.9-16.3.el4_6 *
Red Hat Enterprise Linux 4 RedHat firefox-0:1.5.0.12-0.19.el4 *
Red Hat Enterprise Linux 4 RedHat thunderbird-0:1.5.0.12-14.el4 *
Red Hat Enterprise Linux 5 RedHat devhelp-0:0.12-17.el5 *
Red Hat Enterprise Linux 5 RedHat firefox-0:3.0-2.el5 *
Red Hat Enterprise Linux 5 RedHat xulrunner-0:1.9-1.el5 *
Red Hat Enterprise Linux 5 RedHat yelp-0:2.16.0-19.el5 *
Red Hat Enterprise Linux 5 RedHat thunderbird-0:2.0.0.16-1.el5 *
Firefox Ubuntu dapper *
Firefox Ubuntu feisty *
Firefox Ubuntu gutsy *
Firefox Ubuntu hardy *
Firefox Ubuntu upstream *
Firefox-3.0 Ubuntu gutsy *
Iceape Ubuntu gutsy *
Iceweasel Ubuntu upstream *
Seamonkey Ubuntu devel *
Seamonkey Ubuntu hardy *
Seamonkey Ubuntu intrepid *
Seamonkey Ubuntu jaunty *
Seamonkey Ubuntu karmic *
Seamonkey Ubuntu lucid *
Seamonkey Ubuntu maverick *
Seamonkey Ubuntu natty *
Seamonkey Ubuntu upstream *
Xulrunner Ubuntu feisty *
Xulrunner Ubuntu gutsy *
Xulrunner Ubuntu hardy *
Xulrunner Ubuntu intrepid *
Xulrunner Ubuntu jaunty *
Xulrunner Ubuntu karmic *

Potential Mitigations

References