CVE-2008-2806

Current Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.

Basic Data

Published: July 07, 2008
Last Modified: October 11, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
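    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Mozilla | Firefox | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0 | beta_1 | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0 | rc2 | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0 | rc3 | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.11 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.12 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.13 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.14 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0_.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0_.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0_.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0_.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0_.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0_.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0_.10 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0_8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1 | beta | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0_.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0_.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0_.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0_.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0_.12 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0_.13 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0_.14 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0_8 | * | * | * | * | * | * | * | | | |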

Vulnerable Software List

Vendor | Product | Versions
Mozilla | Firefox | 2.0, 2.0.0.11, 2.0.0.12, 2.0.0.13, 2.0.0.14, 2.0.0.2, 2.0.0.3, 2.0_.1, 2.0_.10, 2.0_.4, 2.0_.5, 2.0_.6, 2.0_.7, 2.0_.9, 2.0_8
Mozilla | Thunderbird | 2.0_.12, 2.0_.13, 2.0_.14, 2.0_.4, 2.0_.5, 2.0_.6, 2.0_.9, 2.0_8
Mozilla | Seamonkey | 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9

References

Name | Source | URL | Tags
SUSE-SA:2008:034 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html |
30898 | SECUNIA | http://secunia.com/advisories/30898 |
30911 | SECUNIA | http://secunia.com/advisories/30911 | Vendor Advisory
31005 | SECUNIA | http://secunia.com/advisories/31005 |
31008 | SECUNIA | http://secunia.com/advisories/31008 |
31021 | SECUNIA | http://secunia.com/advisories/31021 |
31023 | SECUNIA | http://secunia.com/advisories/31023 |
31076 | SECUNIA | http://secunia.com/advisories/31076 |
SSA:2008-191-03 | SLACKWARE | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 |
SSA:2008-191 | SLACKWARE | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 |
http://wiki.rpath.com/Advisories:rPSA-2008-0216 | CONFIRM | http://wiki.rpath.com/Advisories:rPSA-2008-0216 |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 | CONFIRM | http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 |
http://www.mozilla.org/security/announce/2008/mfsa2008-28.html | CONFIRM | http://www.mozilla.org/security/announce/2008/mfsa2008-28.html |
20080708 rPSA-2008-0216-1 firefox | BUGTRAQ | http://www.securityfocus.com/archive/1/494080/100/0/threaded |
30038 | BID | http://www.securityfocus.com/bid/30038 |
1020419 | SECTRACK | http://www.securitytracker.com/id?1020419 |
USN-619-1 | UBUNTU | http://www.ubuntu.com/usn/usn-619-1 |
ADV-2008-1993 | VUPEN | http://www.vupen.com/english/advisories/2008/1993/references |
https://bugzilla.mozilla.org/show_bug.cgi?id=408329 | CONFIRM | https://bugzilla.mozilla.org/show_bug.cgi?id=408329 |
https://issues.rpath.com/browse/RPL-2646 | CONFIRM | https://issues.rpath.com/browse/RPL-2646 |
FEDORA-2008-6193 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html |
FEDORA-2008-6196 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html |