CVE-2008-1240

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/03/2008
Last modified:
09/04/2025

Description

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 2.0.0.12 (including)
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* 1.1.8 (including)


References to Advisories, Solutions, and Tools