Launchpad.net

CVE 2008-2803

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.

Related bugs and status

CVE-2008-2803 (Candidate) is related to these bugs:

Bug #218534: [Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14

		In	Importance	Status
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu)	Undecided	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Dapper)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Dapper)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Dapper)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Dapper)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Feisty)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Feisty)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Feisty)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Feisty)	Critical	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Gutsy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Gutsy)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Gutsy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Gutsy)	Undecided	Won't Fix
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Intrepid)	Undecided	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Intrepid)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Intrepid)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Intrepid)	Critical	Fix Released

Bug #254618: Please update xulrunner to 1.8.1.16 version.

Summary				In	Importance	Status
	254618	Please update xulrunner to 1.8.1.16 version.		xulrunner (Ubuntu)	High	Fix Released
	254618	Please update xulrunner to 1.8.1.16 version.		xulrunner (Ubuntu Hardy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
UBUNTU: USN-619-1
BID: 30038
SECUNIA: 30911
CONFIRM: https://issues.rpath.c...
FEDORA: FEDORA-2008-6127
FEDORA: FEDORA-2008-6193
FEDORA: FEDORA-2008-6196
MANDRIVA: MDVSA-2008:136
REDHAT: RHSA-2008:0547
REDHAT: RHSA-2008:0549
REDHAT: RHSA-2008:0569
SUSE: SUSE-SA:2008:034
SECTRACK: 1020419
SECUNIA: 30915
SECUNIA: 30878
SECUNIA: 30898
SECUNIA: 30903
SECUNIA: 30949
SECUNIA: 31005
SECUNIA: 31008
DEBIAN: DSA-1607
DEBIAN: DSA-1615
REDHAT: RHSA-2008:0616
SECUNIA: 31069
SECUNIA: 31023
SECUNIA: 31183
SECUNIA: 31195
DEBIAN: DSA-1621
FEDORA: FEDORA-2008-6706
FEDORA: FEDORA-2008-6737
GENTOO: GLSA-200808-03
MANDRIVA: MDVSA-2008:155
UBUNTU: USN-629-1
SECUNIA: 31220
SECUNIA: 31253
SECUNIA: 31377
SECUNIA: 31286
SECUNIA: 31403
CONFIRM: http://wiki.rpath.com/...
SECUNIA: 31021
DEBIAN: DSA-1697
SECUNIA: 33433
SUNALERT: 256408
SECUNIA: 34501
VUPEN: ADV-2009-0977
VUPEN: ADV-2008-1993
SECUNIA: 31076
SLACKWARE: SSA:2008-191-03
SLACKWARE: SSA:2008-210-05
SLACKWARE: SSA:2008-191
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080708 rPSA-2008-021...