Your submission was sent successfully! Close

CVE-2008-2801

Published: 07 July 2008

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.15)
firefox-3.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

iceape
Launchpad, Ubuntu, Debian
Upstream Needs triage

iceweasel
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.15)
seamonkey
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.10)
xulrunner
Launchpad, Ubuntu, Debian
Upstream Needs triage