CVE-2008-5024 Information

Description

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

Reference

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
http://secunia.com/advisories/32684
http://secunia.com/advisories/32693
http://secunia.com/advisories/32694
http://secunia.com/advisories/32695
http://secunia.com/advisories/32713
http://secunia.com/advisories/32714
http://secunia.com/advisories/32715
http://secunia.com/advisories/32721
http://secunia.com/advisories/32778
http://secunia.com/advisories/32798
http://secunia.com/advisories/32845
http://secunia.com/advisories/32853
http://secunia.com/advisories/33433
http://secunia.com/advisories/33434
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://ubuntu.com/usn/usn-667-1
http://www.debian.org/security/2008/dsa-1669
http://www.debian.org/security/2008/dsa-1671
http://www.debian.org/security/2009/dsa-1696
http://www.debian.org/security/2009/dsa-1697
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html
http://www.redhat.com/support/errata/RHSA-2008-0976.html
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.redhat.com/support/errata/RHSA-2008-0978.html
http://www.securityfocus.com/bid/32281
http://www.securitytracker.com/id?1021192
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
http://www.vupen.com/english/advisories/2008/3146
http://www.vupen.com/english/advisories/2009/0977
https://bugzilla.mozilla.org/show_bug.cgi?id=453915
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
