Mozilla Firefox Signed JAR Tampering Vulnerability

  Severity: HIGH
  CVE Identifier: CVE-2008-2801
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1002619
  Trend Micro Deep Security DPI Rule Name: 1002619 - Mozilla Firefox Signed JAR Tampering Vulnerability

  AFFECTED SOFTWARE AND VERSION

  • Mozilla Firefox 2.0
  • Mozilla Firefox 2.0.0.1
  • Mozilla Firefox 2.0.0.10
  • Mozilla Firefox 2.0.0.11
  • Mozilla Firefox 2.0.0.12
  • Mozilla Firefox 2.0.0.13
  • Mozilla Firefox 2.0.0.14
  • Mozilla Firefox 2.0.0.2
  • Mozilla Firefox 2.0.0.3
  • Mozilla Firefox 2.0.0.4
  • Mozilla Firefox 2.0.0.5
  • Mozilla Firefox 2.0.0.6
  • Mozilla Firefox 2.0.0.7
  • Mozilla Firefox 2.0.0.8
  • Mozilla Firefox 2.0.0.9
  • Mozilla Seamonkey 1.1
  • Mozilla Seamonkey 1.1.2
  • Mozilla Seamonkey 1.1.3
  • Mozilla Seamonkey 1.1.4
  • Mozilla Seamonkey 1.1.5
  • Mozilla Seamonkey 1.1.6
  • Mozilla Seamonkey 1.1.7
  • Mozilla Seamonkey 1.1.8
  • Mozilla Seamonkey 1.1.9

Featured Stories