CVE-2008-2802Mozilla Firefox vulnerability

CWE-2646 documents5 sources
Severity
7.5HIGHNVD
EPSS
6.8%
top 8.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedJul 7
Latest updateMay 1

Description

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDmozilla/firefox2.0.0.14+14
NVDmozilla/seamonkey1.1.9+8
NVDmozilla/thunderbird2.0.0.14+12

🔴Vulnerability Details

1
GHSA
GHSA-77xj-v2qv-wvf3: Mozilla Firefox before 22022-05-01

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2008-07-25
Ubuntu
Firefox vulnerabilities2008-07-02
Red Hat
Firefox arbitrary JavaScript code execution2008-07-02

💬Community

1
Bugzilla
CVE-2008-2802 Firefox arbitrary JavaScript code execution2008-06-24
CVE-2008-2802 — Mozilla Firefox vulnerability | cvebase