CVE-2008-1240

Description

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.

Risk Information

Base Score

7.5

MODERATE

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

4.851

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 2.0.0.12	Windows
Multiple vulnerabilities affected in Mozilla_Firefox 2.0.0.12	Windows
Multiple vulnerabilities affected in SeaMonkey 1.1.8	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 2.0.0.12	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 2.0.0.12	Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 2.0.0.13	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-343016	Mozilla Firefox (x64) (132.0.2)
PATCH-343015	Mozilla Firefox (132.0.2)
PATCH-341197	SeaMonkey (2.53.19)
PATCH-613630	Mozilla Firefox For Mac (147.0.4)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234