Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2008-11-13T11:00:00
Updated: 2017-09-28T12:57:01
Reserved: 2008-11-10T00:00:00
Link: CVE-2008-5024
JSON object: View
NVD Information
Status : Analyzed
Published: 2008-11-13T11:30:01.457
Modified: 2018-11-02T13:50:11.290
Link: CVE-2008-5024
JSON object: View
Redhat Information
No data.
CWE