CVE-2008-2803

Description

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.

Software From Fixed in
mozilla / firefox - 2.0.0.14.x
mozilla / firefox 2.0 2.0.x
mozilla / firefox 2.0.0.1 2.0.0.1.x
mozilla / firefox 2.0.0.10 2.0.0.10.x
mozilla / firefox 2.0.0.11 2.0.0.11.x
mozilla / firefox 2.0.0.12 2.0.0.12.x
mozilla / firefox 2.0.0.13 2.0.0.13.x
mozilla / firefox 2.0.0.2 2.0.0.2.x
mozilla / firefox 2.0.0.3 2.0.0.3.x
mozilla / firefox 2.0.0.4 2.0.0.4.x
mozilla / firefox 2.0.0.5 2.0.0.5.x
mozilla / firefox 2.0.0.6 2.0.0.6.x
mozilla / firefox 2.0.0.7 2.0.0.7.x
mozilla / firefox 2.0.0.8 2.0.0.8.x
mozilla / firefox 2.0.0.9 2.0.0.9.x
mozilla / thunderbird - 2.0.0.14.x
mozilla / thunderbird 2.0.0.0 2.0.0.0.x
mozilla / thunderbird 2.0.0.1 2.0.0.1.x
mozilla / thunderbird 2.0.0.11 2.0.0.11.x
mozilla / thunderbird 2.0.0.12 2.0.0.12.x
mozilla / thunderbird 2.0.0.13 2.0.0.13.x
mozilla / thunderbird 2.0.0.2 2.0.0.2.x
mozilla / thunderbird 2.0.0.3 2.0.0.3.x
mozilla / thunderbird 2.0.0.4 2.0.0.4.x
mozilla / thunderbird 2.0.0.5 2.0.0.5.x
mozilla / thunderbird 2.0.0.6 2.0.0.6.x
mozilla / thunderbird 2.0.0.8 2.0.0.8.x
mozilla / thunderbird 2.0.0.9 2.0.0.9.x
mozilla / seamonkey - 1.1.9.x
mozilla / seamonkey 1.1 1.1.x
mozilla / seamonkey 1.1.2 1.1.2.x
mozilla / seamonkey 1.1.3 1.1.3.x
mozilla / seamonkey 1.1.4 1.1.4.x
mozilla / seamonkey 1.1.5 1.1.5.x
mozilla / seamonkey 1.1.6 1.1.6.x
mozilla / seamonkey 1.1.7 1.1.7.x
mozilla / seamonkey 1.1.8 1.1.8.x