CVE-2008-5024

CVSS v2.0 7.5 (High)

EPSS 1.48 % (87^th)

Affected Products 5

Advisories 10

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

Weaknesses

CWE-91: XML Injection (aka Blind XPath Injection)

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2008-11-13 11:30:01
(16 years ago)
Updated Date: 2018-11-02 13:50:11
(5 years ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Configuration #1

	CPE23	From	Up To
Mozilla Firefox from 2.0 version and prior 2.0.0.18 version	cpe:2.3:a:mozilla:firefox	>= 2.0	< 2.0.0.18
Mozilla Firefox from 3.0 version and prior 3.0.4 version	cpe:2.3:a:mozilla:firefox	>= 3.0	< 3.0.4
Mozilla Seamonkey from 1.0 version and prior 1.1.13 version	cpe:2.3:a:mozilla:seamonkey	>= 1.0	< 1.1.13
Mozilla Thunderbird from 2.0 version and prior 2.0.0.18 version	cpe:2.3:a:mozilla:thunderbird	>= 2.0	< 2.0.0.18

Configuration #2

		CPE23	From	Up To
	Debian Linux 4.0	cpe:2.3:o:debian:debian_linux:4.0

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06:::*:lts
	Canonical Ubuntu Linux 7.10	cpe:2.3:o:canonical:ubuntu_linux:7.10
	Canonical Ubuntu Linux 8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:::*:lts
	Canonical Ubuntu Linux 8.10	cpe:2.3:o:canonical:ubuntu_linux:8.10