CVE 2008-5512

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before, Thunderbird 2.x before, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."

See the CVE page on for more details.