LiveConnect in Mozilla Firefox prior to 2.0.0.13 and SeaMonkey prior to 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote malicious users to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla seamonkey |