Unrated severityNVD Advisory· Published Nov 13, 2008· Updated Apr 23, 2026
CVE-2008-5024
CVE-2008-5024
Description
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
Affected products
8cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
38- bugzilla.mozilla.org/show_bug.cginvdExploitIssue TrackingVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlnvdThird Party Advisory
- secunia.com/advisories/32684nvdThird Party Advisory
- secunia.com/advisories/32693nvdThird Party Advisory
- secunia.com/advisories/32694nvdThird Party Advisory
- secunia.com/advisories/32695nvdThird Party Advisory
- secunia.com/advisories/32713nvdThird Party Advisory
- secunia.com/advisories/32714nvdThird Party Advisory
- secunia.com/advisories/32715nvdThird Party Advisory
- secunia.com/advisories/32721nvdThird Party Advisory
- secunia.com/advisories/32778nvdThird Party Advisory
- secunia.com/advisories/32798nvdThird Party Advisory
- secunia.com/advisories/32845nvdThird Party Advisory
- secunia.com/advisories/32853nvdThird Party Advisory
- secunia.com/advisories/33433nvdThird Party Advisory
- secunia.com/advisories/33434nvdThird Party Advisory
- secunia.com/advisories/34501nvdThird Party Advisory
- ubuntu.com/usn/usn-667-1nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1669nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1671nvdThird Party Advisory
- www.debian.org/security/2009/dsa-1696nvdThird Party Advisory
- www.debian.org/security/2009/dsa-1697nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mozilla.org/security/announce/2008/mfsa2008-58.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0976.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0977.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0978.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/32281nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA08-319A.htmlnvdThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2008/3146nvdThird Party Advisory
- www.vupen.com/english/advisories/2009/0977nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063nvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.htmlnvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.htmlnvdThird Party Advisory
- sunsolve.sun.com/search/document.donvdBroken Link
News mentions
0No linked articles in our index yet.