CVE-2008-4060

Published: 24 September 2008

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.17)
firefox-3.0
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.3)
iceape
Launchpad, Ubuntu, Debian
Upstream Needs triage

mozilla-thunderbird
Launchpad, Ubuntu, Debian
Upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.12)
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.17)
xulrunner
Launchpad, Ubuntu, Debian
Upstream Needs triage

xulrunner-1.9
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.0.3)