CVE-2008-5024
9.5 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.7%
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
References
lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
secunia.com/advisories/32684
secunia.com/advisories/32693
secunia.com/advisories/32694
secunia.com/advisories/32695
secunia.com/advisories/32713
secunia.com/advisories/32714
secunia.com/advisories/32715
secunia.com/advisories/32721
secunia.com/advisories/32778
secunia.com/advisories/32798
secunia.com/advisories/32845
secunia.com/advisories/32853
secunia.com/advisories/33433
secunia.com/advisories/33434
secunia.com/advisories/34501
sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
ubuntu.com/usn/usn-667-1
www.debian.org/security/2008/dsa-1669
www.debian.org/security/2008/dsa-1671
www.debian.org/security/2009/dsa-1696
www.debian.org/security/2009/dsa-1697
www.mandriva.com/security/advisories?name=MDVSA-2008:228
www.mandriva.com/security/advisories?name=MDVSA-2008:230
www.mandriva.com/security/advisories?name=MDVSA-2008:235
www.mozilla.org/security/announce/2008/mfsa2008-58.html
www.redhat.com/support/errata/RHSA-2008-0976.html
www.redhat.com/support/errata/RHSA-2008-0977.html
www.redhat.com/support/errata/RHSA-2008-0978.html
www.securityfocus.com/bid/32281
www.securitytracker.com/id?1021192
www.us-cert.gov/cas/techalerts/TA08-319A.html
www.vupen.com/english/advisories/2008/3146
www.vupen.com/english/advisories/2009/0977
bugzilla.mozilla.org/show_bug.cgi?id=453915
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063
www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
Related
9.5 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.7%