CVE-2008-2806

Loading...

General

Score:7.5/10.0
Severity:High
Category:Input Validation Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 08/07/08 - Updated on 27/11/12

Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2008-2806
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2008-AVI-350
Mozilla MFSA2008-28

Exploits

SecurityFocusBID-30038

Relative technologies

VendorProduct
mozillafirefox
mozillaseamonkey
mozillathunderbird

Share this vulnerability with:

Twitter Facebook LinkedIn Mail