Upstream information

CVE-2008-2803 at MITRE

Description

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
  NVD
Base Score 6.8
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 400757 [RESOLVED / FIXED]

SUSE Security Advisories:


SUSE Timeline for this CVE

CVE page created: Tue Jul 9 16:02:08 2013
CVE page last modified: Mon Sep 9 16:59:39 2024