CVE-2008-2803

Priority
Description
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before
2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10
does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2)
data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote
attackers to execute arbitrary code via vectors involving third-party
add-ons.
Assigned-to
asac
Notes
jdstrandreduced to medium now that firefox is out
Package
Upstream:released (2.0.0.15)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:released (2.0.0.15)
Package
Upstream:released (2.0.0.15)
Package
Priority: Low
Upstream:needs-triage
Package
Upstream:released (1.1.10)
Package
Priority: Low
Upstream:released (2.0.0.16)
Package
Upstream:needs-triage
More Information

Updated: 2019-12-05 20:49:31 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)