CVE Vulnerabilities


Improper Authentication

Published: Jul 07, 2008 | Modified: Oct 11, 2018
CVSS 3.x
CVSS 2.x
7.5 HIGH

Mozilla Firefox before and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.


When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla
Seamonkey Mozilla * 1.1.9
Seamonkey Mozilla 1.1.8 1.1.8
Seamonkey Mozilla 1.1.7 1.1.7
Seamonkey Mozilla 1.1.3 1.1.3
Firefox Mozilla
Seamonkey Mozilla 1.1.5 1.1.5
Firefox Mozilla
Seamonkey Mozilla 1.1 1.1
Firefox Mozilla
Seamonkey Mozilla 1.1.2 1.1.2
Firefox Mozilla 2.0 2.0
Firefox Mozilla *
Firefox Mozilla
Firefox Mozilla
Seamonkey Mozilla 1.1.6 1.1.6
Firefox Mozilla
Firefox Mozilla
Firefox Mozilla
Firefox Mozilla
Firefox Mozilla
Firefox Mozilla
Firefox Mozilla
Seamonkey Mozilla 1.1.4 1.1.4
Firefox Ubuntu dapper *
Firefox Ubuntu feisty *
Firefox Ubuntu gutsy *
Firefox Ubuntu hardy *
Firefox Ubuntu upstream *
Firefox-3.0 Ubuntu gutsy *
Iceape Ubuntu gutsy *
Iceweasel Ubuntu upstream *
Seamonkey Ubuntu devel *
Seamonkey Ubuntu hardy *
Seamonkey Ubuntu intrepid *
Seamonkey Ubuntu jaunty *
Seamonkey Ubuntu karmic *
Seamonkey Ubuntu lucid *
Seamonkey Ubuntu maverick *
Seamonkey Ubuntu natty *
Seamonkey Ubuntu upstream *
Xulrunner Ubuntu feisty *
Xulrunner Ubuntu gutsy *
Xulrunner Ubuntu hardy *
Xulrunner Ubuntu intrepid *
Xulrunner Ubuntu jaunty *
Xulrunner Ubuntu karmic *

Potential Mitigations