CVE-2008-2803 — Mozilla Firefox vulnerability

CWE-2646 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

6.4%

top 8.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedJul 7

Latest updateMay 1

Description

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/firefox2.0.0.14+14

▶NVDmozilla/seamonkey1.1.9+8

▶NVDmozilla/thunderbird2.0.0.14+12

🔴Vulnerability Details

GHSA

GHSA-94rc-32qx-6f25: The mozIJSSubScriptLoader↗2022-05-01

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2008-07-25

▶

Red Hat

Firefox javascript arbitrary code execution↗2008-07-02

▶

Ubuntu

Firefox vulnerabilities↗2008-07-02

▶

💬Community

Bugzilla

CVE-2008-2803 Firefox javascript arbitrary code execution↗2008-06-24

▶