{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2419?format=json","vulnerability_id":"VCID-jedz-rd4u-6fe3","summary":"Mozilla contributors moz_bug_r_a4, Boris\nZbarsky, and Johnny Stenback reported a series of\nvulnerabilities which allow scripts from page content to run with elevated\nprivileges. moz_bug_r_a4 demonstrated additional variants of MFSA 2007-25\nand MFSA 2007-35 (arbitrary code execution through XPCNativeWrapper pollution).\nAdditional vulnerabilities reported separately by Boris Zbarsky, Johnny\nStenback, and moz_bug_r_a4 showed that the browser could be forced to run\nJavaScript code using the wrong principal leading to universal XSS and\narbitrary code execution. Thunderbird shares the browser engine with Firefox and could\nbe vulnerable if JavaScript were to be enabled in mail. This is not the\ndefault setting and we strongly discourage users from running JavaScript in\nmail.","aliases":[{"alias":"CVE-2008-1235"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235","reference_id":"CVE-2008-1235","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14","reference_id":"mfsa2008-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-14"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jedz-rd4u-6fe3"}