CVE-2008-2801: Improper Authentication in Mozilla Firefox

Severity: 9.3 CRITICAL (NVD)
NVD 7.5, CNA 7.5
EPSS: 4.0% (top 11.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 7, latest update May 17

Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

NVD: mozilla/firefox 2.0.0.14 (+17)
NVD: mozilla/seamonkey 1.1.9 (+21)

🔴 Vulnerability Details (4)

GHSA: GHSA-w8jh-c865-62qv: The implementation of digital signatures for JAR files in Mozilla Firefox 4 (2022-05-17)
GHSA: GHSA-gcjc-g9wr-67f2: Mozilla Firefox before 2 (2022-05-01)
CVEList: CVE-2011-2993: The implementation of digital signatures for JAR files in Mozilla Firefox 4 (2011-08-18)
CVEList: CVE-2008-2801: Mozilla Firefox before 2 (2008-07-07)

📋 Vendor Advisories (2)

Red Hat: Firefox arbitrary signed JAR code execution (2008-07-02)
Ubuntu: Firefox vulnerabilities (2008-07-02)

💬 Community (1)

Bugzilla: CVE-2008-2801 Firefox arbitrary signed JAR code execution (2008-06-24)