CVE-2008-2803

by Fred · 07/07/2008

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.

Date published : 2008-07-07

http://www.securityfocus.com/bid/30038

http://www.securityfocus.com/archive/1/494080/100/0/threaded

CVE-2008-2803

Similar

Recent Posts

Categories

CVE-2008-2803

Share this:

Similar

Recent Posts

Categories

Tags