CVE-2008-4059

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to pollute XPCNativeWrappers and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	*
Firefox	Mozilla	*	2.0.0.17 (including)
Firefox	Mozilla	0.8 (including)	0.8 (including)
Firefox	Mozilla	0.9 (including)	0.9 (including)
Firefox	Mozilla	0.9-rc (including)	0.9-rc (including)
Firefox	Mozilla	0.9.1 (including)	0.9.1 (including)
Firefox	Mozilla	0.9.2 (including)	0.9.2 (including)
Firefox	Mozilla	0.9.3 (including)	0.9.3 (including)
Firefox	Mozilla	0.9_rc (including)	0.9_rc (including)
Firefox	Mozilla	0.10 (including)	0.10 (including)
Firefox	Mozilla	0.10.1 (including)	0.10.1 (including)
Firefox	Mozilla	1.0 (including)	1.0 (including)
Firefox	Mozilla	1.0.1 (including)	1.0.1 (including)
Firefox	Mozilla	1.0.2 (including)	1.0.2 (including)
Firefox	Mozilla	1.0.3 (including)	1.0.3 (including)
Firefox	Mozilla	1.0.4 (including)	1.0.4 (including)
Firefox	Mozilla	1.0.5 (including)	1.0.5 (including)
Firefox	Mozilla	1.0.6 (including)	1.0.6 (including)
Firefox	Mozilla	1.0.7 (including)	1.0.7 (including)
Firefox	Mozilla	1.0.8 (including)	1.0.8 (including)
Firefox	Mozilla	1.5 (including)	1.5 (including)
Firefox	Mozilla	1.5-beta1 (including)	1.5-beta1 (including)
Firefox	Mozilla	1.5-beta2 (including)	1.5-beta2 (including)
Firefox	Mozilla	1.5.0.1 (including)	1.5.0.1 (including)
Firefox	Mozilla	1.5.0.2 (including)	1.5.0.2 (including)
Firefox	Mozilla	1.5.0.3 (including)	1.5.0.3 (including)
Firefox	Mozilla	1.5.0.4 (including)	1.5.0.4 (including)
Firefox	Mozilla	1.5.0.5 (including)	1.5.0.5 (including)
Firefox	Mozilla	1.5.0.6 (including)	1.5.0.6 (including)
Firefox	Mozilla	1.5.0.7 (including)	1.5.0.7 (including)
Firefox	Mozilla	1.5.0.8 (including)	1.5.0.8 (including)
Firefox	Mozilla	1.5.0.9 (including)	1.5.0.9 (including)
Firefox	Mozilla	1.5.0.10 (including)	1.5.0.10 (including)
Firefox	Mozilla	1.5.0.11 (including)	1.5.0.11 (including)
Firefox	Mozilla	1.5.0.12 (including)	1.5.0.12 (including)
Firefox	Mozilla	1.5.1 (including)	1.5.1 (including)
Firefox	Mozilla	1.5.2 (including)	1.5.2 (including)
Firefox	Mozilla	1.5.3 (including)	1.5.3 (including)
Firefox	Mozilla	1.5.4 (including)	1.5.4 (including)
Firefox	Mozilla	1.5.5 (including)	1.5.5 (including)
Firefox	Mozilla	1.5.6 (including)	1.5.6 (including)
Firefox	Mozilla	1.5.7 (including)	1.5.7 (including)
Firefox	Mozilla	1.5.8 (including)	1.5.8 (including)
Firefox	Mozilla	1.8 (including)	1.8 (including)
Firefox	Mozilla	2.0 (including)	2.0 (including)
Firefox	Mozilla	2.0-beta1 (including)	2.0-beta1 (including)
Firefox	Mozilla	2.0-rc2 (including)	2.0-rc2 (including)
Firefox	Mozilla	2.0-rc3 (including)	2.0-rc3 (including)
Firefox	Mozilla	2.0.0.1 (including)	2.0.0.1 (including)
Firefox	Mozilla	2.0.0.2 (including)	2.0.0.2 (including)
Firefox	Mozilla	2.0.0.3 (including)	2.0.0.3 (including)
Firefox	Mozilla	2.0.0.4 (including)	2.0.0.4 (including)
Firefox	Mozilla	2.0.0.5 (including)	2.0.0.5 (including)
Firefox	Mozilla	2.0.0.6 (including)	2.0.0.6 (including)
Firefox	Mozilla	2.0.0.7 (including)	2.0.0.7 (including)
Firefox	Mozilla	2.0.0.8 (including)	2.0.0.8 (including)
Firefox	Mozilla	2.0.0.9 (including)	2.0.0.9 (including)
Firefox	Mozilla	2.0.0.10 (including)	2.0.0.10 (including)
Firefox	Mozilla	2.0.0.11 (including)	2.0.0.11 (including)
Firefox	Mozilla	2.0.0.12 (including)	2.0.0.12 (including)
Firefox	Mozilla	2.0.0.13 (including)	2.0.0.13 (including)
Firefox	Mozilla	2.0.0.14 (including)	2.0.0.14 (including)
Firefox	Mozilla	2.0.0.15 (including)	2.0.0.15 (including)
Firefox	Mozilla	2.0.0.16 (including)	2.0.0.16 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-4059
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References