The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2008-07-07T23:00:00
Updated: 2018-10-11T19:57:01
Reserved: 2008-06-20T00:00:00
Link: CVE-2008-2803
JSON object: View
NVD Information
Status : Modified
Published: 2008-07-07T23:41:00.000
Modified: 2018-10-11T20:43:47.370
Link: CVE-2008-2803
JSON object: View
Redhat Information
No data.
CWE