CVE-2008-2801

Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

Software From Fixed in
mozilla / firefox - 2.0.0.14.x
mozilla / firefox 2.0 2.0.x
mozilla / firefox 2.0.0.1 2.0.0.1.x
mozilla / firefox 2.0.0.10 2.0.0.10.x
mozilla / firefox 2.0.0.11 2.0.0.11.x
mozilla / firefox 2.0.0.12 2.0.0.12.x
mozilla / firefox 2.0.0.13 2.0.0.13.x
mozilla / firefox 2.0.0.2 2.0.0.2.x
mozilla / firefox 2.0.0.3 2.0.0.3.x
mozilla / firefox 2.0.0.4 2.0.0.4.x
mozilla / firefox 2.0.0.5 2.0.0.5.x
mozilla / firefox 2.0.0.6 2.0.0.6.x
mozilla / firefox 2.0.0.7 2.0.0.7.x
mozilla / firefox 2.0.0.8 2.0.0.8.x
mozilla / firefox 2.0.0.9 2.0.0.9.x
mozilla / seamonkey - 1.1.9.x
mozilla / seamonkey 1.1 1.1.x
mozilla / seamonkey 1.1.2 1.1.2.x
mozilla / seamonkey 1.1.3 1.1.3.x
mozilla / seamonkey 1.1.4 1.1.4.x
mozilla / seamonkey 1.1.5 1.1.5.x
mozilla / seamonkey 1.1.6 1.1.6.x
mozilla / seamonkey 1.1.7 1.1.7.x
mozilla / seamonkey 1.1.8 1.1.8.x