Trend Micro Security

Mozilla Firefox Signed JAR Tampering Vulnerability

  危険度: :
  CVE識別番号: CVE-2008-2801

  概要

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

  トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1002619
  Trend Micro Deep Security DPI Rule Name: 1002619 - Mozilla Firefox Signed JAR Tampering Vulnerability

  影響を受けるソフトウェア

  • Mozilla Firefox 2.0
  • Mozilla Firefox 2.0.0.1
  • Mozilla Firefox 2.0.0.10
  • Mozilla Firefox 2.0.0.11
  • Mozilla Firefox 2.0.0.12
  • Mozilla Firefox 2.0.0.13
  • Mozilla Firefox 2.0.0.14
  • Mozilla Firefox 2.0.0.2
  • Mozilla Firefox 2.0.0.3
  • Mozilla Firefox 2.0.0.4
  • Mozilla Firefox 2.0.0.5
  • Mozilla Firefox 2.0.0.6
  • Mozilla Firefox 2.0.0.7
  • Mozilla Firefox 2.0.0.8
  • Mozilla Firefox 2.0.0.9
  • Mozilla Seamonkey 1.1
  • Mozilla Seamonkey 1.1.2
  • Mozilla Seamonkey 1.1.3
  • Mozilla Seamonkey 1.1.4
  • Mozilla Seamonkey 1.1.5
  • Mozilla Seamonkey 1.1.6
  • Mozilla Seamonkey 1.1.7
  • Mozilla Seamonkey 1.1.8
  • Mozilla Seamonkey 1.1.9