CVE-2008-2806 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 23.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedJul 7

Latest updateMay 1

Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/firefox15 versions+14

▶NVDmozilla/seamonkey10 versions+9

▶NVDmozilla/thunderbird8 versions+7

🔴Vulnerability Details

GHSA

GHSA-3x7r-r5xh-2v32: Mozilla Firefox before 2↗2022-05-01

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2008-07-02

▶