CVE-2008-5024

Published: 13 November 2008

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.18)
firefox-3.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

iceape
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.13)
icedove
Launchpad, Ubuntu, Debian
Upstream Needs triage

iceweasel
Launchpad, Ubuntu, Debian
Upstream Needs triage

mozilla-thunderbird
Launchpad, Ubuntu, Debian
Upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.13)
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.18)
xulrunner
Launchpad, Ubuntu, Debian
Upstream Needs triage

xulrunner-1.9
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.0.4)