CVE-2008-2803 (retired)

Priority
Description
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before
2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10
does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2)
data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote
attackers to execute arbitrary code via vectors involving third-party
add-ons.
Assigned-to
asac
Notes
jdstrandreduced to medium now that firefox is out
Package
Upstream:released (2.0.0.15)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:released (2.0.0.15)
Package
Upstream:released (2.0.0.15)
Package
Priority: Low
Upstream:needs-triage
Package
Upstream:released (1.1.10)
Package
Priority: Low
Upstream:released (2.0.0.16)
Package
Upstream:needs-triage
More Information

Updated: 2019-10-09 07:11:13 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)