Vulnerability Description
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 2.0.0.14 |
| Mozilla | Seamonkey | <= 1.1.9 |
| Mozilla | Thunderbird | <= 2.0.0.14 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
- http://rhn.redhat.com/errata/RHSA-2008-0616.html
- http://secunia.com/advisories/30878
- http://secunia.com/advisories/30898
- http://secunia.com/advisories/30903
- http://secunia.com/advisories/30911Vendor Advisory
- http://secunia.com/advisories/30915
- http://secunia.com/advisories/30949
- http://secunia.com/advisories/31005
- http://secunia.com/advisories/31008
- http://secunia.com/advisories/31021
- http://secunia.com/advisories/31023
- http://secunia.com/advisories/31069
- http://secunia.com/advisories/31076
- http://secunia.com/advisories/31183
FAQ
What is CVE-2008-2803?
CVE-2008-2803 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from ...
How severe is CVE-2008-2803?
CVE-2008-2803 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2803?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.