CVE-2008-5024
Published: 13 November 2008
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1)
|
| gutsy |
Released
(2.0.0.18+nobinonly-0ubuntu0.7.10)
|
|
| hardy |
Released
(2.0.0.18+nobinonly-0ubuntu0.8.04.1)
|
|
| intrepid |
Does not exist
|
|
| upstream |
Released
(2.0.0.18)
|
|
|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Needed
(reached end-of-life)
|
|
| hardy |
Released
(3.0.4+nobinonly-0ubuntu0.8.04.1)
|
|
| intrepid |
Released
(3.0.4+nobinonly-0ubuntu0.8.10.1)
|
|
| upstream |
Needs triage
|
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Needed
(reached end-of-life)
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| upstream |
Released
(1.1.13)
|
|
|
icedove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
iceweasel Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1)
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Does not exist
|
|
| hardy |
Released
(1.1.15+nobinonly-0ubuntu0.8.04.2)
|
|
| intrepid |
Released
(1.1.15+nobinonly-0ubuntu0.8.10.2)
|
|
| upstream |
Released
(1.1.13)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Released
(2.0.0.18+nobinonly-0ubuntu0.7.10.1)
|
|
| hardy |
Released
(2.0.0.18+nobinonly-0ubuntu0.8.04.1)
|
|
| intrepid |
Released
(2.0.0.18+nobinonly-0ubuntu0.8.10.1)
|
|
| upstream |
Released
(2.0.0.18)
|
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
|
|
| hardy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1)
|
|
| intrepid |
Released
(1.8.1.16+nobinonly-0ubuntu1)
|
|
| upstream |
Needs triage
|
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Needed
(reached end-of-life)
|
|
| hardy |
Released
(1.9.0.4+nobinonly-0ubuntu0.8.04.1)
|
|
| intrepid |
Released
(1.9.0.4+nobinonly-0ubuntu0.8.10.1)
|
|
| upstream |
Released
(1.9.0.4)
|