PublicDateAtUSN: 2008-07-07 PublicDate: 2008-07-07 23:41:00 UTC Candidate: CVE-2008-2802 References: https://ubuntu.com/security/notices/USN-619-1 https://ubuntu.com/security/notices/USN-629-1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802 Description: Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level." Ubuntu-Description: Notes: jdstrand> reduced to medium now that firefox is out Bugs: Priority: medium Discovered-by: Assigned-to: asac CVSS: Patches_firefox: upstream_firefox: released (2.0.0.15) dapper_firefox: released (1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1) feisty_firefox: released (2.0.0.15+0nobinonly-0ubuntu0.7.4 ) gutsy_firefox: released (2.0.0.15+1nobinonly-0ubuntu0.7.10) hardy_firefox: released (2.0.0.15+1nobinonly-0ubuntu0.8.04.2) intrepid_firefox: DNE jaunty_firefox: DNE karmic_firefox: DNE Patches_firefox-3.0: upstream_firefox-3.0: needs-triage dapper_firefox-3.0: DNE feisty_firefox-3.0: DNE gutsy_firefox-3.0: needed (reached end-of-life) lucid_firefox: not-affected (3.0+nobinonly-0ubuntu0.8.04.1) maverick_firefox: not-affected (3.0+nobinonly-0ubuntu0.8.04.1) natty_firefox: not-affected (3.0+nobinonly-0ubuntu0.8.04.1) devel_firefox: not-affected (3.0+nobinonly-0ubuntu0.8.04.1) hardy_firefox-3.0: not-affected (3.0+nobinonly-0ubuntu0.8.04.1) intrepid_firefox-3.0: not-affected (3.0+nobinonly-0ubuntu2) jaunty_firefox-3.0: not-affected (3.0+nobinonly-0ubuntu2) karmic_firefox-3.0: DNE lucid_firefox-3.0: DNE maverick_firefox-3.0: DNE natty_firefox-3.0: DNE devel_firefox-3.0: DNE Patches_thunderbird: Priority_thunderbird: low upstream_thunderbird: released (2.0.0.16) dapper_thunderbird: DNE feisty_thunderbird: DNE gutsy_thunderbird: released (2.0.0.16+nobinonly-0ubuntu0.7.10.1) hardy_thunderbird: released (2.0.0.16+nobinonly-0ubuntu0.8.04.1) intrepid_thunderbird: released (2.0.0.16+nobinonly-0ubuntu1) jaunty_thunderbird: released (2.0.0.16+nobinonly-0ubuntu1) karmic_thunderbird: released (2.0.0.16+nobinonly-0ubuntu1) lucid_thunderbird: released (2.0.0.16+nobinonly-0ubuntu1) maverick_thunderbird: released (2.0.0.16+nobinonly-0ubuntu1) natty_thunderbird: released (2.0.0.16+nobinonly-0ubuntu1) devel_thunderbird: released (2.0.0.16+nobinonly-0ubuntu1) Patches_mozilla-thunderbird: Priority_mozilla-thunderbird: low upstream_mozilla-thunderbird: needs-triage dapper_mozilla-thunderbird: released (1.5.0.13+1.5.0.15~prepatch080614d-0ubuntu0.6.06.1) feisty_mozilla-thunderbird: released (1.5.0.13+1.5.0.15~prepatch080614d-0ubuntu0.7.04.1) gutsy_mozilla-thunderbird: DNE hardy_mozilla-thunderbird: DNE intrepid_mozilla-thunderbird: DNE jaunty_mozilla-thunderbird: DNE karmic_mozilla-thunderbird: DNE lucid_mozilla-thunderbird: DNE maverick_mozilla-thunderbird: DNE natty_mozilla-thunderbird: DNE devel_mozilla-thunderbird: DNE Patches_xulrunner: upstream_xulrunner: needs-triage dapper_xulrunner: DNE feisty_xulrunner: needed (reached end-of-life) gutsy_xulrunner: released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1) hardy_xulrunner: released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1) intrepid_xulrunner: released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1) jaunty_xulrunner: ignored (reached end-of-life) karmic_xulrunner: ignored (reached end-of-life) lucid_xulrunner: DNE maverick_xulrunner: DNE natty_xulrunner: DNE devel_xulrunner: DNE Patches_iceape: upstream_iceape: needs-triage dapper_iceape: DNE feisty_iceape: DNE gutsy_iceape: needed (reached end-of-life) hardy_iceape: DNE intrepid_iceape: DNE jaunty_iceape: DNE karmic_iceape: DNE lucid_iceape: DNE maverick_iceape: DNE natty_iceape: DNE devel_iceape: DNE Patches_icedove: upstream_icedove: released (2.0.0.15) dapper_icedove: DNE feisty_icedove: DNE gutsy_icedove: DNE hardy_icedove: DNE intrepid_icedove: DNE jaunty_icedove: DNE karmic_icedove: DNE lucid_icedove: DNE maverick_icedove: DNE natty_icedove: DNE devel_icedove: DNE Patches_iceweasel: upstream_iceweasel: released (2.0.0.15) dapper_iceweasel: DNE feisty_iceweasel: DNE gutsy_iceweasel: DNE hardy_iceweasel: DNE intrepid_iceweasel: DNE jaunty_iceweasel: DNE karmic_iceweasel: DNE lucid_iceweasel: DNE maverick_iceweasel: DNE natty_iceweasel: DNE devel_iceweasel: DNE Patches_seamonkey: upstream_seamonkey: released (1.1.10) dapper_seamonkey: DNE feisty_seamonkey: DNE gutsy_seamonkey: DNE hardy_seamonkey: released (1.1.12+nobinonly-0ubuntu0.8.04.1) intrepid_seamonkey: released (1.1.11+nobinonly-0ubuntu1) jaunty_seamonkey: released (1.1.11+nobinonly-0ubuntu1) karmic_seamonkey: released (1.1.11+nobinonly-0ubuntu1) lucid_seamonkey: released (1.1.11+nobinonly-0ubuntu1) maverick_seamonkey: released (1.1.11+nobinonly-0ubuntu1) natty_seamonkey: released (1.1.11+nobinonly-0ubuntu1) devel_seamonkey: released (1.1.11+nobinonly-0ubuntu1)