CVE-2008-2801

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

Published: Jul 8, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-2801
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
mozilla / firefox	2.0.0.12	2.0.0.12.x
mozilla / seamonkey	-	1.1.9.x
mozilla / seamonkey	1.1.8	1.1.8.x
mozilla / seamonkey	1.1.7	1.1.7.x
mozilla / seamonkey	1.1.3	1.1.3.x
mozilla / firefox	2.0.0.2	2.0.0.2.x
mozilla / seamonkey	1.1.5	1.1.5.x
mozilla / firefox	2.0.0.7	2.0.0.7.x
mozilla / seamonkey	1.1	1.1.x
mozilla / firefox	2.0.0.9	2.0.0.9.x
mozilla / seamonkey	1.1.2	1.1.2.x
mozilla / firefox	2.0	2.0.x
mozilla / firefox	-	2.0.0.14.x
mozilla / firefox	2.0.0.3	2.0.0.3.x
mozilla / firefox	2.0.0.6	2.0.0.6.x
mozilla / seamonkey	1.1.6	1.1.6.x
mozilla / firefox	2.0.0.11	2.0.0.11.x
mozilla / firefox	2.0.0.4	2.0.0.4.x
mozilla / firefox	2.0.0.13	2.0.0.13.x
mozilla / firefox	2.0.0.1	2.0.0.1.x
mozilla / firefox	2.0.0.8	2.0.0.8.x
mozilla / firefox	2.0.0.5	2.0.0.5.x
mozilla / firefox	2.0.0.10	2.0.0.10.x
mozilla / seamonkey	1.1.4	1.1.4.x

Vulnerability Database

290,278

CVE-2008-2801