[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-5024Date: (C)2008-11-13   (M)2024-02-09


Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1021192
SUNALERT-256408
BID-32281
SECUNIA-32684
SECUNIA-32693
SECUNIA-32694
SECUNIA-32695
SECUNIA-32713
SECUNIA-32714
SECUNIA-32715
SECUNIA-32721
SECUNIA-32778
SECUNIA-32798
SECUNIA-32845
SECUNIA-32853
SECUNIA-33433
SECUNIA-33434
SECUNIA-34501
ADV-2008-3146
ADV-2009-0977
DSA-1669
DSA-1671
DSA-1696
DSA-1697
FEDORA-2008-9667
FEDORA-2008-9669
MDVSA-2008:228
MDVSA-2008:230
MDVSA-2008:235
RHSA-2008:0976
RHSA-2008:0977
RHSA-2008:0978
SUSE-SA:2008:055
TA08-319A
USN-667-1
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html
https://bugzilla.mozilla.org/show_bug.cgi?id=453915
oval:org.mitre.oval:def:9063

CPE    8
cpe:/a:mozilla:thunderbird
cpe:/o:debian:debian_linux:4.0
cpe:/o:canonical:ubuntu_linux:6.06::~~lts~~~
cpe:/a:mozilla:seamonkey
...
CWE    1
CWE-91
OVAL    9
oval:org.secpod.oval:def:600503
oval:org.secpod.oval:def:301255
oval:org.mitre.oval:def:8021
oval:org.mitre.oval:def:8140
...

© SecPod Technologies