New Search

Mozilla Firefox 3.x before 3.0.4 Firefox 2.x before 2.0.0.18 Thunderbird 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

oval:org.mitre.oval:def:9063

Mozilla Firefox 3.x before 3.0.4 Firefox 2.x before 2.0.0.18 Thunderbird 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • CentOS Linux 5
  • CentOS Linux 3
  • CentOS Linux 4
  • Red Hat Enterprise Linux 5
  • Oracle Linux 5
  • Red Hat Enterprise Linux 3
  • Oracle Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2008-5024
Product(s):