PT-2008-6938 · Mozilla+2 · Firefox+4

Published

1970-01-01

Updated

2024-06-15

CVE-2008-5024

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.x through 3.0.3 Mozilla Firefox versions 2.x through 2.0.0.17 Thunderbird versions 2.x through 2.0.0.17 SeaMonkey versions 1.x through 1.1.12

Description The issue allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document due to improper escaping of quote characters used for XML processing. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of the vulnerabilities can be carried out remotely.

Recommendations For Mozilla Firefox versions 3.x through 3.0.3, update to version 3.0.4 or later. For Mozilla Firefox versions 2.x through 2.0.0.17, update to version 2.0.0.18 or later. For Thunderbird versions 2.x through 2.0.0.17, update to version 2.0.0.18 or later. For SeaMonkey versions 1.x through 1.1.12, update to version 1.1.13 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-91

Related Identifiers

BDU:2015-02788

BDU:2015-02789

BDU:2015-02790

BDU:2015-02791

BDU:2015-02792

BDU:2015-02793

BDU:2015-02794

BDU:2015-02795

BDU:2015-02796

BDU:2015-02797

CVE-2008-5024

DSA-1669-1

DSA-1671-1

DSA-1696-1

DSA-1697-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10601-1

RHSA-2008:0976

RHSA-2008:0977

RHSA-2008:0978

RHSA-2008_0976

RHSA-2008_0977

RHSA-2008_0978

Affected Products

Firefox

Red Hat

Seamonkey

Suse

Thunderbird

PT-2008-6938 · Mozilla+2 · Firefox+4

CVE-2008-5024

Weakness Enumeration

Related Identifiers

Affected Products

References · 1469