CVE-2008-2801
Published: 7 July 2008
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1)
|
feisty |
Released
(2.0.0.15+0nobinonly-0ubuntu0.7.4 )
|
|
gutsy |
Released
(2.0.0.15+1nobinonly-0ubuntu0.7.10)
|
|
hardy |
Released
(2.0.0.15+1nobinonly-0ubuntu0.8.04.2)
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Not vulnerable
(3.0+nobinonly-0ubuntu0.8.04.1)
|
|
maverick |
Not vulnerable
(3.0+nobinonly-0ubuntu0.8.04.1)
|
|
natty |
Not vulnerable
(3.0+nobinonly-0ubuntu0.8.04.1)
|
|
upstream |
Released
(2.0.0.15)
|
|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
(3.0+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Not vulnerable
(3.0+nobinonly-0ubuntu2)
|
|
jaunty |
Not vulnerable
(3.0+nobinonly-0ubuntu2)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
iceweasel Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Released
(2.0.0.15)
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Released
(1.1.12+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.1.11+nobinonly-0ubuntu1)
|
|
jaunty |
Released
(1.1.11+nobinonly-0ubuntu1)
|
|
karmic |
Released
(1.1.11+nobinonly-0ubuntu1)
|
|
lucid |
Released
(1.1.11+nobinonly-0ubuntu1)
|
|
maverick |
Released
(1.1.11+nobinonly-0ubuntu1)
|
|
natty |
Released
(1.1.11+nobinonly-0ubuntu1)
|
|
upstream |
Released
(1.1.10)
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
|
|
hardy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|