Home > Vulnerability Database > CVE-2008-2801

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-2801

Date: July 7, 2008

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

Severity Score

7.3

Related Resources (50)

Url: http://secunia.com/advisories/31023

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=424426

Url: http://secunia.com/advisories/31021

Url: http://secunia.com/advisories/31183

Url: http://secunia.com/advisories/30898

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=424188

Url: http://rhn.redhat.com/errata/RHSA-2008-0616.html

Url: http://secunia.com/advisories/31069

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911

Url: https://issues.rpath.com/browse/RPL-2646

Url: http://www.vupen.com/english/advisories/2009/0977

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-2801

Url: http://secunia.com/advisories/33433

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-2801

Url: http://www.securityfocus.com/archive/1/494080/100/0/threaded

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-23.html

Url: https://access.redhat.com/security/cve/CVE-2008-2801

Url: http://secunia.com/advisories/31377

Url: http://security.gentoo.org/glsa/glsa-200808-03.xml

Url: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15

Url: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810

Url: http://www.securityfocus.com/bid/30038

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=418996

Url: http://www.debian.org/security/2008/dsa-1615

Url: http://www.debian.org/security/2009/dsa-1697

Url: http://www.redhat.com/support/errata/RHSA-2008-0547.html

Url: http://secunia.com/advisories/31008

Url: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html

Url: http://secunia.com/advisories/31005

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:136

Url: http://www.redhat.com/support/errata/RHSA-2008-0569.html

Url: http://www.securitytracker.com/id?1020419

Url: http://secunia.com/advisories/30911

Url: http://secunia.com/advisories/30878

Url: http://www.debian.org/security/2008/dsa-1607

Url: http://www.ubuntu.com/usn/usn-619-1

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152

Url: http://secunia.com/advisories/34501

Url: http://secunia.com/advisories/31076

Url: http://secunia.com/advisories/31195

Url: http://wiki.rpath.com/Advisories:rPSA-2008-0216

Url: http://www.redhat.com/support/errata/RHSA-2008-0549.html

Url: http://www.vupen.com/english/advisories/2008/1993/references

Url: http://secunia.com/advisories/30949

Url: http://secunia.com/advisories/30903

Url: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html

Url: https://www.mend.io/vulnerability-database/CVE-2008-2801

Severity Score

7.3

Weakness Type (CWE)

Authentication Issues

CWE-287

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us