Vulnerability Details : CVE-2008-5024
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
Products affected by CVE-2008-5024
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Threat overview for CVE-2008-5024
- Top open port discovered on systems with this issue: 5555
- IPs affected by CVE-2008-5024: 121
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2008-5024
- EPSS score: 1.48% (probability of exploitation activity in the next 30 days)
- Percentile: ~85% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2008-5024
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2008-5024
- The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5024
- http://www.redhat.com/support/errata/RHSA-2008-0977.html
  Support (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:235
  Mandriva (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063
  Third Party Advisory
- http://www.mozilla.org/security/announce/2008/mfsa2008-58.html
  Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=453915
  Exploit; Vendor Advisory; Issue Tracking
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
  Mandriva (Third Party Advisory)
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
  [SECURITY] Fedora 9 Update: xulrunner-1.9.0.4-1.fc9 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
  Mandriva (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2008-0976.html
  Support (Third Party Advisory)
- http://www.us-cert.gov/cas/techalerts/TA08-319A.html
  Mozilla Updates for Multiple Vulnerabilities | CISA (Third Party Advisory; US Government Resource)
- http://www.debian.org/security/2009/dsa-1696
  [SECURITY] [DSA 1696-1] New icedove packages fix several vulnerabilities (Third Party Advisory)
- http://www.securityfocus.com/bid/32281
  Third Party Advisory; VDB Entry
- http://www.vupen.com/english/advisories/2008/3146
  Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
  [security-announce] SUSE Security Announcement: Mozilla (SUSE-SA:2008:055) - openSUSE Security Announce - openSUSE Mailing Lists (Third Party Advisory)
- http://ubuntu.com/usn/usn-667-1
  USN-667-1: Firefox and xulrunner vulnerabilities | Ubuntu security notices | Ubuntu (Third Party Advisory)
- http://www.securitytracker.com/id?1021192
  Third Party Advisory; VDB Entry
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
  [SECURITY] Fedora 8 Update: firefox-2.0.0.18-1.fc8 (Third Party Advisory)
- http://www.debian.org/security/2008/dsa-1671
  [SECURITY] [DSA 1671-1] New iceweasel packages fix several vulnerabilities (Third Party Advisory)
- http://www.debian.org/security/2009/dsa-1697
  [SECURITY] [DSA 1697-1] New iceape packages fix several vulnerabilities (Third Party Advisory)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
  Broken Link
- http://www.debian.org/security/2008/dsa-1669
  [SECURITY] [DSA 1669-1] New xulrunner packages fix several vulnerabilities (Third Party Advisory)
- http://www.vupen.com/english/advisories/2009/0977
  Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2008-0978.html
  Support (Third Party Advisory)