Mozilla Firefox Signed JAR Tampering Vulnerability
Gravità: : Alto
Identificatori CVE: CVE-2008-2801
Data notifica: 21 luglio 2015
Descrizione
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1002619
Trend Micro Deep Security DPI Rule Name: 1002619 - Mozilla Firefox Signed JAR Tampering Vulnerability
Software e versione interessati:
- Mozilla Firefox 2.0
- Mozilla Firefox 2.0.0.1
- Mozilla Firefox 2.0.0.10
- Mozilla Firefox 2.0.0.11
- Mozilla Firefox 2.0.0.12
- Mozilla Firefox 2.0.0.13
- Mozilla Firefox 2.0.0.14
- Mozilla Firefox 2.0.0.2
- Mozilla Firefox 2.0.0.3
- Mozilla Firefox 2.0.0.4
- Mozilla Firefox 2.0.0.5
- Mozilla Firefox 2.0.0.6
- Mozilla Firefox 2.0.0.7
- Mozilla Firefox 2.0.0.8
- Mozilla Firefox 2.0.0.9
- Mozilla Seamonkey 1.1
- Mozilla Seamonkey 1.1.2
- Mozilla Seamonkey 1.1.3
- Mozilla Seamonkey 1.1.4
- Mozilla Seamonkey 1.1.5
- Mozilla Seamonkey 1.1.6
- Mozilla Seamonkey 1.1.7
- Mozilla Seamonkey 1.1.8
- Mozilla Seamonkey 1.1.9