Skip to content
appaloosa scout logo main rounded
N/A

CVE-2008-2803

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.

Affected tracked apps

Thunderbird
winget:Mozilla.Thunderbird
1 open

Vulnerable CPE configurations

Vendor Product Platform Versions CPE 2.3 URI
mozilla thunderbird Windows ≤2.0.0.14 cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*
View on NVD ↗