Home > Vulnerability Database > CVE-2008-5024

Mend.io Vulnerability Database

CVE-2008-5024

Date: November 13, 2008

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

Severity Score

7.3

Related Resources (42)

Url: http://secunia.com/advisories/32695

Url: https://access.redhat.com/security/cve/CVE-2008-5024

Url: http://secunia.com/advisories/32694

Url: http://www.debian.org/security/2009/dsa-1696

Url: http://www.debian.org/security/2009/dsa-1697

Url: http://secunia.com/advisories/32693

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5024

Url: https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

Url: http://secunia.com/advisories/32714

Url: http://secunia.com/advisories/32713

Url: http://www.redhat.com/support/errata/RHSA-2008-0978.html

Url: http://secunia.com/advisories/32778

Url: http://www.securitytracker.com/id?1021192

Url: http://secunia.com/advisories/32853

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:235

Url: http://secunia.com/advisories/32798

Url: http://www.securityfocus.com/bid/32281

Url: http://www.us-cert.gov/cas/techalerts/TA08-319A.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

Url: http://ubuntu.com/usn/usn-667-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-5024

Url: http://secunia.com/advisories/32715

Url: http://www.vupen.com/english/advisories/2009/0977

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-58.html

Url: http://www.redhat.com/support/errata/RHSA-2008-0977.html

Url: http://www.debian.org/security/2008/dsa-1669

Url: http://secunia.com/advisories/33433

Url: http://secunia.com/advisories/32684

Url: http://secunia.com/advisories/33434

Url: http://secunia.com/advisories/34501

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=453915

Url: http://www.redhat.com/support/errata/RHSA-2008-0976.html

Url: http://www.debian.org/security/2008/dsa-1671

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

Url: http://secunia.com/advisories/32845

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063

Url: http://secunia.com/advisories/32721

Url: http://www.vupen.com/english/advisories/2008/3146

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

Url: https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

Url: https://www.mend.io/vulnerability-database/CVE-2008-5024

Severity Score

7.3

Weakness Type (CWE)

XML Injection (aka Blind XPath Injection)

CWE-91

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-5024

Date: November 13, 2008

Severity Score

Related Resources (42)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?