CVE-2008-5024 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-5024 Interim 1 8 2023-12-09T02:07:33Z current 2021-05-30T12:44:31Z 2023-12-09T02:07:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-5024 Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7SM6VOPQZCMJZEWQJBG42GCCXMJKKVXN/#7SM6VOPQZCMJZEWQJBG42GCCXMJKKVXN E-Mail link for SUSE-SA:2008:055 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LZWA5IC5L2QN74MAY2LDOH57OMCZY4GE/#LZWA5IC5L2QN74MAY2LDOH57OMCZY4GE E-Mail link for openSUSE-SU-2014:1100-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed MozillaThunderbird-91.1.1-1.1 MozillaThunderbird-translations-common-91.1.1-1.1 MozillaThunderbird-translations-other-91.1.1-1.1 MozillaThunderbird-91.1.1-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-translations-common-91.1.1-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-translations-other-91.1.1-1.1 as a component of openSUSE Tumbleweed Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. CVE-2008-5024 openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1 openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1 openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P