Mozilla Firefox Signed JAR Tampering Vulnerability
Schweregrad: : Alto
Identificador(es) CVE: : CVE-2008-2801
Data do informe: 21 julho 2015
Descrição
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1002619
Trend Micro Deep Security DPI Rule Name: 1002619 - Mozilla Firefox Signed JAR Tampering Vulnerability
Software infectado e versão:
- Mozilla Firefox 2.0
- Mozilla Firefox 2.0.0.1
- Mozilla Firefox 2.0.0.10
- Mozilla Firefox 2.0.0.11
- Mozilla Firefox 2.0.0.12
- Mozilla Firefox 2.0.0.13
- Mozilla Firefox 2.0.0.14
- Mozilla Firefox 2.0.0.2
- Mozilla Firefox 2.0.0.3
- Mozilla Firefox 2.0.0.4
- Mozilla Firefox 2.0.0.5
- Mozilla Firefox 2.0.0.6
- Mozilla Firefox 2.0.0.7
- Mozilla Firefox 2.0.0.8
- Mozilla Firefox 2.0.0.9
- Mozilla Seamonkey 1.1
- Mozilla Seamonkey 1.1.2
- Mozilla Seamonkey 1.1.3
- Mozilla Seamonkey 1.1.4
- Mozilla Seamonkey 1.1.5
- Mozilla Seamonkey 1.1.6
- Mozilla Seamonkey 1.1.7
- Mozilla Seamonkey 1.1.8
- Mozilla Seamonkey 1.1.9