CVE-2008-2803

2008-07-07T23:41:00
ID CVE-2008-2803
Type cve
Reporter cve@mitre.org
Modified 2018-10-11T20:43:00

Description

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.