The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x prior to 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote malicious users to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 4.0 |
||
mozilla firefox 4.0.1 |
||
mozilla firefox 5.0 |
||
mozilla seamonkey 2.0.10 |
||
mozilla seamonkey 2.0.6 |
||
mozilla seamonkey 2.0.1 |
||
mozilla seamonkey 2.0 |
||
mozilla seamonkey 2.1 |
||
mozilla seamonkey 2.0.5 |
||
mozilla seamonkey 2.0.3 |
||
mozilla seamonkey 2.0.4 |
||
mozilla seamonkey 2.0.8 |
||
mozilla seamonkey 2.0.2 |
||
mozilla seamonkey 2.0.11 |
||
mozilla seamonkey 2.0.9 |
||
mozilla seamonkey 2.0.7 |