CVE-2008-2803

Severity

68%

Complexity

86%

Confidentiality

106%

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Mozilla

First reported 16 years ago

2008-07-07 23:41:00

Last updated 6 years ago

2018-10-11 20:43:00

Affected Software

Mozilla Firefox 2.0

2.0

Mozilla Firefox 2.0.0.1

2.0.0.1

Mozilla Firefox 2.0.0.2

2.0.0.2

Mozilla Firefox 2.0.0.3

2.0.0.3

Mozilla Firefox 2.0.0.4

2.0.0.4

Mozilla Firefox 2.0.0.5

2.0.0.5

Mozilla Firefox 2.0.0.6

2.0.0.6

Mozilla Firefox 2.0.0.7

2.0.0.7

Mozilla Firefox 2.0.0.8

2.0.0.8

Mozilla Firefox 2.0.0.9

2.0.0.9

Mozilla Firefox 2.0.0.10

2.0.0.10

Mozilla Firefox 2.0.0.11

2.0.0.11

Mozilla Firefox 2.0.0.12

2.0.0.12

Mozilla Firefox 2.0.0.13

2.0.0.13

Mozilla Firefox

Mozilla SeaMonkey 1.1

1.1

Mozilla Seamonkey 1.1.2

1.1.2

Mozilla Seamonkey 1.1.3

1.1.3

Mozilla Seamonkey 1.1.4

1.1.4

Mozilla Seamonkey 1.1.5

1.1.5

Mozilla Seamonkey 1.1.6

1.1.6

Mozilla Seamonkey 1.1.7

1.1.7

Mozilla SeaMonkey 1.1.8

1.1.8

Mozilla SeaMonkey

Mozilla Thunderbird 2.0.0.0

2.0.0.0

Mozilla Thunderbird 2.0.0.4

2.0.0.4

Mozilla Thunderbird 2.0.0.5

2.0.0.5

Mozilla Thunderbird 2.0.0.6

2.0.0.6

Mozilla Thunderbird 2.0.0.9

2.0.0.9

Mozilla Thunderbird 2.0.0.12

2.0.0.12

Mozilla Thunderbird

References

SUSE-SA:2008:034

RHSA-2008:0616

30878

30898

30903

30911

Vendor Advisory

30915

30949

31005

31008

31021

31023

31069

31076

31183

31195

31220

31253

31286

31377

31403

33433

34501

GLSA-200808-03

SSA:2008-191-03

SSA:2008-191

SSA:2008-210-05

256408

http://wiki.rpath.com/Advisories:rPSA-2008-0216

DSA-1607

DSA-1615

DSA-1621

DSA-1697

MDVSA-2008:136

MDVSA-2008:155

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15

http://www.mozilla.org/security/announce/2008/mfsa2008-25.html

RHSA-2008:0547

RHSA-2008:0549

RHSA-2008:0569

20080708 rPSA-2008-0216-1 firefox

30038

1020419

USN-619-1

USN-629-1

ADV-2008-1993

ADV-2009-0977

https://bugzilla.mozilla.org/show_bug.cgi?id=418356

https://issues.rpath.com/browse/RPL-2646

oval:org.mitre.oval:def:10747

FEDORA-2008-6737

FEDORA-2008-6706

FEDORA-2008-6127

FEDORA-2008-6193

FEDORA-2008-6196

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.