Mozilla · Firefox · CVE-2008-5015
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions 3.x before 3.0.4
**Description**
The issue allows user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. This occurs when a file: URI is accessed in the same tab from a chrome or privileged about: page, assigning chrome privileges to the file.
**Recommendations**
For Mozilla Firefox versions 3.x before 3.0.4, update to version 3.0.4 or later to resolve the issue.