Mozilla Firefox Signed JAR Tampering Vulnerability
Gravedad: High
Identificadores de CVE : CVE-2008-2801
Fecha recomendada: 21 de julio de 2015
Descripción
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1002619
Trend Micro Deep Security DPI Rule Name: 1002619 - Mozilla Firefox Signed JAR Tampering Vulnerability
Software y versión afectados
- Mozilla Firefox 2.0
- Mozilla Firefox 2.0.0.1
- Mozilla Firefox 2.0.0.10
- Mozilla Firefox 2.0.0.11
- Mozilla Firefox 2.0.0.12
- Mozilla Firefox 2.0.0.13
- Mozilla Firefox 2.0.0.14
- Mozilla Firefox 2.0.0.2
- Mozilla Firefox 2.0.0.3
- Mozilla Firefox 2.0.0.4
- Mozilla Firefox 2.0.0.5
- Mozilla Firefox 2.0.0.6
- Mozilla Firefox 2.0.0.7
- Mozilla Firefox 2.0.0.8
- Mozilla Firefox 2.0.0.9
- Mozilla Seamonkey 1.1
- Mozilla Seamonkey 1.1.2
- Mozilla Seamonkey 1.1.3
- Mozilla Seamonkey 1.1.4
- Mozilla Seamonkey 1.1.5
- Mozilla Seamonkey 1.1.6
- Mozilla Seamonkey 1.1.7
- Mozilla Seamonkey 1.1.8
- Mozilla Seamonkey 1.1.9