Lucene search

PRIOn knowledge basePRION:CVE-2008-2801

HistoryJul 07, 2008 - 11:41 p.m.

Code injection

2008-07-0723:41:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.202 Low

EPSS

Percentile

96.2%

JSON

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

CPENameOperatorVersion
firefoxeq2.0.0.12
firefoxeq2.0.0.2
firefoxeq2.0.0.7
firefoxeq2.0.0.9
firefoxeq2.0
firefoxle2.0.0.14
firefoxeq2.0.0.3
firefoxeq2.0.0.6
firefoxeq2.0.0.11
firefoxeq2.0.0.4

Name	Operator	Version
firefox	eq	2.0.0.12
firefox	eq	2.0.0.2
firefox	eq	2.0.0.7
firefox	eq	2.0.0.9
firefox	eq	2.0
firefox	le	2.0.0.14
firefox	eq	2.0.0.3
firefox	eq	2.0.0.6
firefox	eq	2.0.0.11
firefox	eq	2.0.0.4

Rows per page:

1-10 of 241

References

lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html

rhn.redhat.com/errata/RHSA-2008-0616.html

secunia.com/advisories/30878

secunia.com/advisories/30898

secunia.com/advisories/30903

secunia.com/advisories/30911

secunia.com/advisories/30949

secunia.com/advisories/31005

secunia.com/advisories/31008

secunia.com/advisories/31021

secunia.com/advisories/31023

secunia.com/advisories/31069

secunia.com/advisories/31076

secunia.com/advisories/31183

secunia.com/advisories/31195

secunia.com/advisories/31377

secunia.com/advisories/33433

secunia.com/advisories/34501

security.gentoo.org/glsa/glsa-200808-03.xml

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911

sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

wiki.rpath.com/Advisories:rPSA-2008-0216

www.debian.org/security/2008/dsa-1607

www.debian.org/security/2008/dsa-1615

www.debian.org/security/2009/dsa-1697

www.mandriva.com/security/advisories?name=MDVSA-2008:136

www.mozilla.org/projects/security/known-vulnerabilities.html

www.mozilla.org/security/announce/2008/mfsa2008-23.html

www.redhat.com/support/errata/RHSA-2008-0547.html

www.redhat.com/support/errata/RHSA-2008-0549.html

www.redhat.com/support/errata/RHSA-2008-0569.html

www.securityfocus.com/archive/1/494080/100/0/threaded

www.securityfocus.com/bid/30038

www.securitytracker.com/id?1020419

www.ubuntu.com/usn/usn-619-1

www.vupen.com/english/advisories/2008/1993/references

www.vupen.com/english/advisories/2009/0977

bugzilla.mozilla.org/show_bug.cgi?id=418996

bugzilla.mozilla.org/show_bug.cgi?id=424188

bugzilla.mozilla.org/show_bug.cgi?id=424426

issues.rpath.com/browse/RPL-2646

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810

www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.202 Low

EPSS

Percentile

96.2%

JSON

Related for PRION:CVE-2008-2801