CVE-2008-5024

Mozilla Firefox <3.0.4-2.0.0.18 & Thunderbird <2.0.0.18 & SeaMonkey...

Title source: llm
STIX 2.1

Description

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

References (38)

... and 18 more

Scores

EPSS 0.0722
EPSS Percentile 91.6%

Details

CWE
CWE-91
Status published
Products (8)
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 7.10
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 8.10
debian/debian_linux 4.0
mozilla/firefox 2.0 - 2.0.0.18
mozilla/seamonkey 1.0 - 1.1.13
mozilla/thunderbird 2.0 - 2.0.0.18
Published Nov 13, 2008
Tracked Since Feb 18, 2026