CVE-2008-2802

Severity

75%

Complexity

99%

Confidentiality

106%

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Mozilla

First reported 16 years ago

2008-07-07 23:41:00

Last updated 6 years ago

2018-10-11 20:43:00

Affected Software

Mozilla Firefox 2.0

2.0

Mozilla Firefox 2.0.0.1

2.0.0.1

Mozilla Firefox 2.0.0.2

2.0.0.2

Mozilla Firefox 2.0.0.3

2.0.0.3

Mozilla Firefox 2.0.0.4

2.0.0.4

Mozilla Firefox 2.0.0.5

2.0.0.5

Mozilla Firefox 2.0.0.6

2.0.0.6

Mozilla Firefox 2.0.0.7

2.0.0.7

Mozilla Firefox 2.0.0.8

2.0.0.8

Mozilla Firefox 2.0.0.9

2.0.0.9

Mozilla Firefox 2.0.0.10

2.0.0.10

Mozilla Firefox 2.0.0.11

2.0.0.11

Mozilla Firefox 2.0.0.12

2.0.0.12

Mozilla Firefox 2.0.0.13

2.0.0.13

Mozilla Firefox

Mozilla SeaMonkey 1.1

1.1

Mozilla Seamonkey 1.1.2

1.1.2

Mozilla Seamonkey 1.1.3

1.1.3

Mozilla Seamonkey 1.1.4

1.1.4

Mozilla Seamonkey 1.1.5

1.1.5

Mozilla Seamonkey 1.1.6

1.1.6

Mozilla Seamonkey 1.1.7

1.1.7

Mozilla SeaMonkey 1.1.8

1.1.8

Mozilla SeaMonkey

Mozilla Thunderbird 2.0.0.0

2.0.0.0

Mozilla Thunderbird 2.0.0.4

2.0.0.4

Mozilla Thunderbird 2.0.0.5

2.0.0.5

Mozilla Thunderbird 2.0.0.6

2.0.0.6

Mozilla Thunderbird 2.0.0.9

2.0.0.9

Mozilla Thunderbird 2.0.0.12

2.0.0.12

Mozilla Thunderbird

References

SUSE-SA:2008:034

RHSA-2008:0616

30878

30898

30903

30911

Vendor Advisory

30915

30949

31005

31008

31021

31023

31069

31076

31183

31195

31220

31253

31286

31377

31403

33433

34501

GLSA-200808-03

SSA:2008-191-03

SSA:2008-191

SSA:2008-210-05

256408

http://wiki.rpath.com/Advisories:rPSA-2008-0216

DSA-1607

DSA-1615

DSA-1621

DSA-1697

MDVSA-2008:136

MDVSA-2008:155

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15

http://www.mozilla.org/security/announce/2008/mfsa2008-24.html

RHSA-2008:0547

RHSA-2008:0549

RHSA-2008:0569

20080708 rPSA-2008-0216-1 firefox

30038

1020419

USN-619-1

USN-629-1

ADV-2008-1993

ADV-2009-0977

https://bugzilla.mozilla.org/show_bug.cgi?id=419846

https://issues.rpath.com/browse/RPL-2646

oval:org.mitre.oval:def:11121

FEDORA-2008-6737

FEDORA-2008-6706

FEDORA-2008-6127

FEDORA-2008-6193

FEDORA-2008-6196

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.