New Search

Mozilla Firefox 3.x before 3.0.4 Firefox 2.x before 2.0.0.18 Thunderbird 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

oval:org.mitre.oval:def:9063

Mozilla Firefox 3.x before 3.0.4 Firefox 2.x before 2.0.0.18 Thunderbird 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 4
  • CentOS Linux 3
  • Red Hat Enterprise Linux 5
  • Oracle Linux 5
  • Red Hat Enterprise Linux 3
  • Oracle Linux 4
  • Red Hat Enterprise Linux 4
  • CentOS Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2008-5024
Product(s):