CVE-2008-5024

CVE-2008-5024 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

Learn more about our Web Application Penetration Testing UK.