Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2008-25

Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()

Announced
July 1, 2008
Reporter
moz_bug_r_a4
Impact
Critical
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 2.0.0.15
  • Firefox 3
  • SeaMonkey 1.1.10
  • Thunderbird 2.0.0.16

Description

Mozilla security researcher moz_bug_r_a4 reported that mozIJSSubScriptLoader.LoadScript() only applied XPCNativeWrappers to scripts loaded from standard chrome: URIs. Add-ons using this feature to load scripts from other schemes such as file: or data: (typically dynamically generated scripts) and chrome: URIs using non-canonical package names (e.g. uppercase) did not have the protective wrappers applied. If the scripts interact with web content in any way that content could exploit the unwrapped scripts to run arbitrary code.

Firefox itself does not use this feature in a vulnerable way and users who have not installed any Add-ons are not at risk. We have, however, identified popular Add-ons using this feature whose users are at risk and there are no doubt others.

Thunderbird users are not at risk when JavaScript is disabled in mail. This is the default setting and we strongly discourage users from enabling JavaScript in mail.

Workaround

Disable JavaScript until a version containing these fixes can be installed.

References