Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
Software | From | Fixed in |
---|---|---|
mozilla / firefox | - | 2.0.0.14.x |
mozilla / firefox | 2.0 | 2.0.x |
mozilla / firefox | 2.0.0.1 | 2.0.0.1.x |
mozilla / firefox | 2.0.0.10 | 2.0.0.10.x |
mozilla / firefox | 2.0.0.11 | 2.0.0.11.x |
mozilla / firefox | 2.0.0.12 | 2.0.0.12.x |
mozilla / firefox | 2.0.0.13 | 2.0.0.13.x |
mozilla / firefox | 2.0.0.2 | 2.0.0.2.x |
mozilla / firefox | 2.0.0.3 | 2.0.0.3.x |
mozilla / firefox | 2.0.0.4 | 2.0.0.4.x |
mozilla / firefox | 2.0.0.5 | 2.0.0.5.x |
mozilla / firefox | 2.0.0.6 | 2.0.0.6.x |
mozilla / firefox | 2.0.0.7 | 2.0.0.7.x |
mozilla / firefox | 2.0.0.8 | 2.0.0.8.x |
mozilla / firefox | 2.0.0.9 | 2.0.0.9.x |
mozilla / seamonkey | - | 1.1.9.x |
mozilla / seamonkey | 1.1 | 1.1.x |
mozilla / seamonkey | 1.1.2 | 1.1.2.x |
mozilla / seamonkey | 1.1.3 | 1.1.3.x |
mozilla / seamonkey | 1.1.4 | 1.1.4.x |
mozilla / seamonkey | 1.1.5 | 1.1.5.x |
mozilla / seamonkey | 1.1.6 | 1.1.6.x |
mozilla / seamonkey | 1.1.7 | 1.1.7.x |
mozilla / seamonkey | 1.1.8 | 1.1.8.x |