Vulnerabilities

CVE-2008-5024

by Fred · 13/11/2008

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

Date published : 2008-11-13

http://www.securityfocus.com/bid/32281

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

Similar

Tags: Cybersecurity Alert