CVE Vulnerabilities

CVE-2008-2801

Improper Authentication

Published: Jul 07, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla 2.0.0.12 2.0.0.12
Seamonkey Mozilla * 1.1.9
Seamonkey Mozilla 1.1.8 1.1.8
Seamonkey Mozilla 1.1.7 1.1.7
Seamonkey Mozilla 1.1.3 1.1.3
Firefox Mozilla 2.0.0.2 2.0.0.2
Seamonkey Mozilla 1.1.5 1.1.5
Firefox Mozilla 2.0.0.7 2.0.0.7
Seamonkey Mozilla 1.1 1.1
Firefox Mozilla 2.0.0.9 2.0.0.9
Seamonkey Mozilla 1.1.2 1.1.2
Firefox Mozilla 2.0 2.0
Firefox Mozilla * 2.0.0.14
Firefox Mozilla 2.0.0.3 2.0.0.3
Firefox Mozilla 2.0.0.6 2.0.0.6
Seamonkey Mozilla 1.1.6 1.1.6
Firefox Mozilla 2.0.0.11 2.0.0.11
Firefox Mozilla 2.0.0.4 2.0.0.4
Firefox Mozilla 2.0.0.13 2.0.0.13
Firefox Mozilla 2.0.0.1 2.0.0.1
Firefox Mozilla 2.0.0.8 2.0.0.8
Firefox Mozilla 2.0.0.5 2.0.0.5
Firefox Mozilla 2.0.0.10 2.0.0.10
Seamonkey Mozilla 1.1.4 1.1.4

Potential Mitigations

References