CVE-2008-1240 — Mozilla Firefox vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

4.9%

top 10.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedMar 28

Latest updateMay 1

Description

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox2.0.0.12

▶NVDmozilla/seamonkey1.1.8

🔴Vulnerability Details

GHSA

GHSA-8mpj-g6c5-r6j3: LiveConnect in Mozilla Firefox before 2↗2022-05-01

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2008-03-26

▶