7.5
CVE-2008-2801
- EPSS 2.81%
- Veröffentlicht 07.07.2008 23:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:29
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.81% | 0.847 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://secunia.com/advisories/33433
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/31023
http://secunia.com/advisories/31377
http://security.gentoo.org/glsa/glsa-200808-03.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
http://rhn.redhat.com/errata/RHSA-2008-0616.html
http://secunia.com/advisories/31183
http://secunia.com/advisories/31195
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.debian.org/security/2008/dsa-1615
http://www.vupen.com/english/advisories/2009/0977
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
http://secunia.com/advisories/30878
http://secunia.com/advisories/30898
http://secunia.com/advisories/30903
http://secunia.com/advisories/30911
http://secunia.com/advisories/30949
http://secunia.com/advisories/31005
http://secunia.com/advisories/31008
http://secunia.com/advisories/31021
http://secunia.com/advisories/31069
http://secunia.com/advisories/31076
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
http://wiki.rpath.com/Advisories:rPSA-2008-0216
http://www.debian.org/security/2008/dsa-1607
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
http://www.redhat.com/support/errata/RHSA-2008-0547.html
http://www.redhat.com/support/errata/RHSA-2008-0549.html
http://www.redhat.com/support/errata/RHSA-2008-0569.html
http://www.securityfocus.com/archive/1/494080/100/0/threaded
http://www.securityfocus.com/bid/30038
http://www.securitytracker.com/id?1020419
http://www.ubuntu.com/usn/usn-619-1
http://www.vupen.com/english/advisories/2008/1993/references
https://issues.rpath.com/browse/RPL-2646
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
https://bugzilla.mozilla.org/show_bug.cgi?id=418996
https://bugzilla.mozilla.org/show_bug.cgi?id=424188
https://bugzilla.mozilla.org/show_bug.cgi?id=424426
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810