CVE-2008-5024

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-58.html", "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-58.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=453915", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=453915", "tags": ["Exploit", "Vendor Advisory", "Issue Tracking"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/32281", "name": "32281", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228", "name": "MDVSA-2008:228", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/32721", "name": "32721", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html", "name": "FEDORA-2008-9669", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-319A.html", "name": "TA08-319A", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html", "name": "SUSE-SA:2008:055", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/32845", "name": "32845", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:235", "name": "MDVSA-2008:235", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://www.debian.org/security/2008/dsa-1669", "name": "DSA-1669", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/32714", "name": "32714", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32695", "name": "32695", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32694", "name": "32694", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32715", "name": "32715", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32693", "name": "32693", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0977.html", "name": "RHSA-2008:0977", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0978.html", "name": "RHSA-2008:0978", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2008/dsa-1671", "name": "DSA-1671", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.debian.org/security/2009/dsa-1697", "name": "DSA-1697", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/33433", "name": "33433", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2009/dsa-1696", "name": "DSA-1696", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/33434", "name": "33434", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1", "name": "256408", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://www.vupen.com/english/advisories/2009/0977", "name": "ADV-2009-0977", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/34501", "name": "34501", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1021192", "name": "1021192", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2008/3146", "name": "ADV-2008-3146", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/32798", "name": "32798", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32684", "name": "32684", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:230", "name": "MDVSA-2008:230", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/32713", "name": "32713", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://ubuntu.com/usn/usn-667-1", "name": "USN-667-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/32853", "name": "32853", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0976.html", "name": "RHSA-2008:0976", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html", "name": "FEDORA-2008-9667", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/32778", "name": "32778", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063", "name": "oval:org.mitre.oval:def:9063", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-91"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-5024", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2008-11-13T11:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.1.13", "versionStartIncluding": "1.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.0.4", "versionStartIncluding": "3.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.0.18", "versionStartIncluding": "2.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.0.18", "versionStartIncluding": "2.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-11-02T13:50Z"}