CVE-2008-2803
CVSS v2.0
6.8 (Medium)
EPSS
29.77 % (97th)
Affected Products
3
Advisories
9
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.
Weaknesses
- CWE-264
- Permissions, Privileges, and Access Controls
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2008-07-07 23:41:00
(16 years ago) - Updated Date
-
2018-10-11 20:43:47
(6 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...