CVE-2008-2806

EPSS 0.92%
Published 07.07.2008 23:41:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.

Affected products Warnungen 0 Metrics 2 CWE 1 References 25

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version2.0

Mozilla ≫ Firefox Version2.0 Updatebeta_1

Mozilla ≫ Firefox Version2.0 Updaterc2

Mozilla ≫ Firefox Version2.0 Updaterc3

Mozilla ≫ Firefox Version2.0.0.2

Mozilla ≫ Firefox Version2.0.0.3

Mozilla ≫ Firefox Version2.0.0.11

Mozilla ≫ Firefox Version2.0.0.12

Mozilla ≫ Firefox Version2.0.0.13

Mozilla ≫ Firefox Version2.0.0.14

Mozilla ≫ Firefox Version2.0_.1

Mozilla ≫ Firefox Version2.0_.4

Mozilla ≫ Firefox Version2.0_.5

Mozilla ≫ Firefox Version2.0_.6

Mozilla ≫ Firefox Version2.0_.7

Mozilla ≫ Firefox Version2.0_.9

Mozilla ≫ Firefox Version2.0_.10

Mozilla ≫ Firefox Version2.0_8

Mozilla ≫ Seamonkey Version1.1 Updatebeta

Mozilla ≫ Seamonkey Version1.1.1

Mozilla ≫ Seamonkey Version1.1.2

Mozilla ≫ Seamonkey Version1.1.3

Mozilla ≫ Seamonkey Version1.1.4

Mozilla ≫ Seamonkey Version1.1.5

Mozilla ≫ Seamonkey Version1.1.6

Mozilla ≫ Seamonkey Version1.1.7

Mozilla ≫ Seamonkey Version1.1.8

Mozilla ≫ Seamonkey Version1.1.9

Mozilla ≫ Thunderbird Version2.0_.4

Mozilla ≫ Thunderbird Version2.0_.5

Mozilla ≫ Thunderbird Version2.0_.6

Mozilla ≫ Thunderbird Version2.0_.9

Mozilla ≫ Thunderbird Version2.0_.12

Mozilla ≫ Thunderbird Version2.0_.13

Mozilla ≫ Thunderbird Version2.0_.14

Mozilla ≫ Thunderbird Version2.0_8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.92%	0.739

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/31023

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html

http://secunia.com/advisories/30898

http://secunia.com/advisories/30911

Vendor Advisory

http://secunia.com/advisories/31005

http://secunia.com/advisories/31008

http://secunia.com/advisories/31021

http://secunia.com/advisories/31076

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911

http://wiki.rpath.com/Advisories:rPSA-2008-0216