The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 2.0.0.14 (including) |
Firefox | Mozilla | 2.0 (including) | 2.0 (including) |
Firefox | Mozilla | 2.0.0.1 (including) | 2.0.0.1 (including) |
Firefox | Mozilla | 2.0.0.2 (including) | 2.0.0.2 (including) |
Firefox | Mozilla | 2.0.0.3 (including) | 2.0.0.3 (including) |
Firefox | Mozilla | 2.0.0.4 (including) | 2.0.0.4 (including) |
Firefox | Mozilla | 2.0.0.5 (including) | 2.0.0.5 (including) |
Firefox | Mozilla | 2.0.0.6 (including) | 2.0.0.6 (including) |
Firefox | Mozilla | 2.0.0.7 (including) | 2.0.0.7 (including) |
Firefox | Mozilla | 2.0.0.8 (including) | 2.0.0.8 (including) |
Firefox | Mozilla | 2.0.0.9 (including) | 2.0.0.9 (including) |
Firefox | Mozilla | 2.0.0.10 (including) | 2.0.0.10 (including) |
Firefox | Mozilla | 2.0.0.11 (including) | 2.0.0.11 (including) |
Firefox | Mozilla | 2.0.0.12 (including) | 2.0.0.12 (including) |
Firefox | Mozilla | 2.0.0.13 (including) | 2.0.0.13 (including) |
Seamonkey | Mozilla | * | 1.1.9 (including) |
Seamonkey | Mozilla | 1.1 (including) | 1.1 (including) |
Seamonkey | Mozilla | 1.1.2 (including) | 1.1.2 (including) |
Seamonkey | Mozilla | 1.1.3 (including) | 1.1.3 (including) |
Seamonkey | Mozilla | 1.1.4 (including) | 1.1.4 (including) |
Seamonkey | Mozilla | 1.1.5 (including) | 1.1.5 (including) |
Seamonkey | Mozilla | 1.1.6 (including) | 1.1.6 (including) |
Seamonkey | Mozilla | 1.1.7 (including) | 1.1.7 (including) |
Seamonkey | Mozilla | 1.1.8 (including) | 1.1.8 (including) |
Thunderbird | Mozilla | * | 2.0.0.14 (including) |
Thunderbird | Mozilla | 2.0.0.0 (including) | 2.0.0.0 (including) |
Thunderbird | Mozilla | 2.0.0.1 (including) | 2.0.0.1 (including) |
Thunderbird | Mozilla | 2.0.0.2 (including) | 2.0.0.2 (including) |
Thunderbird | Mozilla | 2.0.0.3 (including) | 2.0.0.3 (including) |
Thunderbird | Mozilla | 2.0.0.4 (including) | 2.0.0.4 (including) |
Thunderbird | Mozilla | 2.0.0.5 (including) | 2.0.0.5 (including) |
Thunderbird | Mozilla | 2.0.0.6 (including) | 2.0.0.6 (including) |
Thunderbird | Mozilla | 2.0.0.8 (including) | 2.0.0.8 (including) |
Thunderbird | Mozilla | 2.0.0.9 (including) | 2.0.0.9 (including) |
Thunderbird | Mozilla | 2.0.0.11 (including) | 2.0.0.11 (including) |
Thunderbird | Mozilla | 2.0.0.12 (including) | 2.0.0.12 (including) |
Thunderbird | Mozilla | 2.0.0.13 (including) | 2.0.0.13 (including) |