CVE-2008-2803

N/A Unknown
Published: July 07, 2008 Modified: April 23, 2026
View on NVD

Description

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
Source: secalert@redhat.com
http://rhn.redhat.com/errata/RHSA-2008-0616.html
Source: secalert@redhat.com
http://secunia.com/advisories/30878
Source: secalert@redhat.com
http://secunia.com/advisories/30898
Source: secalert@redhat.com
http://secunia.com/advisories/30903
Source: secalert@redhat.com
http://secunia.com/advisories/30911
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/30915
Source: secalert@redhat.com
http://secunia.com/advisories/30949
Source: secalert@redhat.com
http://secunia.com/advisories/31005
Source: secalert@redhat.com
http://secunia.com/advisories/31008
Source: secalert@redhat.com
http://secunia.com/advisories/31021
Source: secalert@redhat.com
http://secunia.com/advisories/31023
Source: secalert@redhat.com
http://secunia.com/advisories/31069
Source: secalert@redhat.com
http://secunia.com/advisories/31076
Source: secalert@redhat.com
http://secunia.com/advisories/31183
Source: secalert@redhat.com
http://secunia.com/advisories/31195
Source: secalert@redhat.com
http://secunia.com/advisories/31220
Source: secalert@redhat.com
http://secunia.com/advisories/31253
Source: secalert@redhat.com
http://secunia.com/advisories/31286
Source: secalert@redhat.com
http://secunia.com/advisories/31377
Source: secalert@redhat.com
http://secunia.com/advisories/31403
Source: secalert@redhat.com
http://secunia.com/advisories/33433
Source: secalert@redhat.com
http://secunia.com/advisories/34501
Source: secalert@redhat.com
http://security.gentoo.org/glsa/glsa-200808-03.xml
Source: secalert@redhat.com
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
Source: secalert@redhat.com
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
Source: secalert@redhat.com
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
Source: secalert@redhat.com
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
Source: secalert@redhat.com
http://wiki.rpath.com/Advisories:rPSA-2008-0216
Source: secalert@redhat.com
http://www.debian.org/security/2008/dsa-1607
Source: secalert@redhat.com
http://www.debian.org/security/2008/dsa-1615
Source: secalert@redhat.com
http://www.debian.org/security/2008/dsa-1621
Source: secalert@redhat.com
http://www.debian.org/security/2009/dsa-1697
Source: secalert@redhat.com
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
Source: secalert@redhat.com
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
Source: secalert@redhat.com
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
Source: secalert@redhat.com
http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
Source: secalert@redhat.com
http://www.redhat.com/support/errata/RHSA-2008-0547.html
Source: secalert@redhat.com
http://www.redhat.com/support/errata/RHSA-2008-0549.html
Source: secalert@redhat.com
http://www.redhat.com/support/errata/RHSA-2008-0569.html
Source: secalert@redhat.com
http://www.securityfocus.com/archive/1/494080/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/bid/30038
Source: secalert@redhat.com
http://www.securitytracker.com/id?1020419
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-619-1
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-629-1
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2008/1993/references
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2009/0977
Source: secalert@redhat.com
https://bugzilla.mozilla.org/show_bug.cgi?id=418356
Source: secalert@redhat.com
https://issues.rpath.com/browse/RPL-2646
Source: secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10747
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
Source: secalert@redhat.com
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://rhn.redhat.com/errata/RHSA-2008-0616.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/30878
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/30898
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/30903
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/30911
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30915
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/30949
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31005
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31008
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31021
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31023
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31069
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31076
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31183
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31195
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31220
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31253
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31286
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31377
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31403
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/33433
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/34501
Source: af854a3a-2127-422b-91ae-364da2661108
http://security.gentoo.org/glsa/glsa-200808-03.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
Source: af854a3a-2127-422b-91ae-364da2661108
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
Source: af854a3a-2127-422b-91ae-364da2661108
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/Advisories:rPSA-2008-0216
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1607
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1615
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1621
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2009/dsa-1697
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2008-0547.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2008-0549.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2008-0569.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/494080/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/30038
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1020419
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-619-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-629-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/1993/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2009/0977
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.mozilla.org/show_bug.cgi?id=418356
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.rpath.com/browse/RPL-2646
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10747
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
Source: af854a3a-2127-422b-91ae-364da2661108

110 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

mozilla

Related CVEs

CVE-2026-41279 N/A
CVE-2026-41278 N/A
CVE-2026-41277 N/A
CVE-2026-41276 N/A
CVE-2026-41275 N/A