7.5

CVE-2008-2801

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 2.0.0.14
MozillaFirefox Version2.0
MozillaFirefox Version2.0.0.1
MozillaFirefox Version2.0.0.2
MozillaFirefox Version2.0.0.3
MozillaFirefox Version2.0.0.4
MozillaFirefox Version2.0.0.5
MozillaFirefox Version2.0.0.6
MozillaFirefox Version2.0.0.7
MozillaFirefox Version2.0.0.8
MozillaFirefox Version2.0.0.9
MozillaFirefox Version2.0.0.10
MozillaFirefox Version2.0.0.11
MozillaFirefox Version2.0.0.12
MozillaFirefox Version2.0.0.13
MozillaSeamonkey Version <= 1.1.9
MozillaSeamonkey Version1.1
MozillaSeamonkey Version1.1.2
MozillaSeamonkey Version1.1.3
MozillaSeamonkey Version1.1.4
MozillaSeamonkey Version1.1.5
MozillaSeamonkey Version1.1.6
MozillaSeamonkey Version1.1.7
MozillaSeamonkey Version1.1.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.81% 0.847
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/33433
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/31023
http://secunia.com/advisories/31377
http://security.gentoo.org/glsa/glsa-200808-03.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
http://rhn.redhat.com/errata/RHSA-2008-0616.html
http://secunia.com/advisories/31183
http://secunia.com/advisories/31195
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.debian.org/security/2008/dsa-1615
http://www.vupen.com/english/advisories/2009/0977
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
http://secunia.com/advisories/30878
http://secunia.com/advisories/30898
http://secunia.com/advisories/30903
http://secunia.com/advisories/30911
Vendor Advisory
http://secunia.com/advisories/30949
http://secunia.com/advisories/31005
http://secunia.com/advisories/31008
http://secunia.com/advisories/31021
http://secunia.com/advisories/31069
http://secunia.com/advisories/31076
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
http://wiki.rpath.com/Advisories:rPSA-2008-0216
http://www.debian.org/security/2008/dsa-1607
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
http://www.redhat.com/support/errata/RHSA-2008-0547.html
http://www.redhat.com/support/errata/RHSA-2008-0549.html
http://www.redhat.com/support/errata/RHSA-2008-0569.html
http://www.securityfocus.com/archive/1/494080/100/0/threaded
http://www.securityfocus.com/bid/30038
http://www.securitytracker.com/id?1020419
http://www.ubuntu.com/usn/usn-619-1
http://www.vupen.com/english/advisories/2008/1993/references
https://issues.rpath.com/browse/RPL-2646
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
https://bugzilla.mozilla.org/show_bug.cgi?id=418996
https://bugzilla.mozilla.org/show_bug.cgi?id=424188
https://bugzilla.mozilla.org/show_bug.cgi?id=424426
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810