Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
http://secunia.com/advisories/32684
http://secunia.com/advisories/32693
http://secunia.com/advisories/32694
http://secunia.com/advisories/32695
http://secunia.com/advisories/32713
http://secunia.com/advisories/32714
http://secunia.com/advisories/32715
http://secunia.com/advisories/32721
http://secunia.com/advisories/32778
http://secunia.com/advisories/32798
http://secunia.com/advisories/32845
http://secunia.com/advisories/32853
http://secunia.com/advisories/33433
http://secunia.com/advisories/33434
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://ubuntu.com/usn/usn-667-1
http://www.debian.org/security/2008/dsa-1669
http://www.debian.org/security/2008/dsa-1671
http://www.debian.org/security/2009/dsa-1696
http://www.debian.org/security/2009/dsa-1697
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html
http://www.redhat.com/support/errata/RHSA-2008-0976.html
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.redhat.com/support/errata/RHSA-2008-0978.html
http://www.securityfocus.com/bid/32281
http://www.securitytracker.com/id?1021192
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
http://www.vupen.com/english/advisories/2008/3146
http://www.vupen.com/english/advisories/2009/0977
https://bugzilla.mozilla.org/show_bug.cgi?id=453915
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
OR
OR
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
67766 | Oracle Linux 5 : firefox (ELSA-2008-0978) | Nessus | Oracle Linux Local Security Checks | critical |
67765 | Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0977) | Nessus | Oracle Linux Local Security Checks | critical |
67764 | Oracle Linux 4 : thunderbird (ELSA-2008-0976) | Nessus | Oracle Linux Local Security Checks | critical |
63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
60498 | Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
60495 | Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
60494 | Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
43715 | CentOS 4 / 5 : firefox (CESA-2008:0978) | Nessus | CentOS Local Security Checks | critical |
43714 | CentOS 4 / 5 : thunderbird (CESA-2008:0976) | Nessus | CentOS Local Security Checks | critical |
41511 | SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5813) | Nessus | SuSE Local Security Checks | critical |
41465 | SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5826) | Nessus | SuSE Local Security Checks | critical |
40131 | openSUSE Security Update : seamonkey (seamonkey-326) | Nessus | SuSE Local Security Checks | critical |
40072 | openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-329) | Nessus | SuSE Local Security Checks | critical |
39894 | openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-333) | Nessus | SuSE Local Security Checks | critical |
39884 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-334) | Nessus | SuSE Local Security Checks | critical |
37735 | Fedora 10 : thunderbird-2.0.0.18-1.fc10 (2008-9901) | Nessus | Fedora Local Security Checks | critical |
37649 | Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-668-1) | Nessus | Ubuntu Local Security Checks | critical |
37572 | Mandriva Linux Security Advisory : firefox (MDVSA-2008:230) | Nessus | Mandriva Local Security Checks | critical |
37285 | Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:228) | Nessus | Mandriva Local Security Checks | critical |
37099 | Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:235) | Nessus | Mandriva Local Security Checks | critical |
36711 | Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-667-1) | Nessus | Ubuntu Local Security Checks | critical |
36485 | CentOS 3 / 4 : seamonkey (CESA-2008:0977) | Nessus | CentOS Local Security Checks | critical |
35314 | Debian DSA-1697-1 : iceape - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
35313 | Debian DSA-1696-1 : icedove - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
34967 | SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5811) | Nessus | SuSE Local Security Checks | critical |
34961 | openSUSE 10 Security Update : seamonkey (seamonkey-5815) | Nessus | SuSE Local Security Checks | critical |
34960 | openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5820) | Nessus | SuSE Local Security Checks | critical |
34958 | openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5825) | Nessus | SuSE Local Security Checks | critical |
34957 | openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5812) | Nessus | SuSE Local Security Checks | critical |
34950 | Debian DSA-1671-1 : iceweasel - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
34941 | SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5786) | Nessus | SuSE Local Security Checks | critical |
34938 | Debian DSA-1669-1 : xulrunner - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
34842 | RHEL 4 / 5 : thunderbird (RHSA-2008:0976) | Nessus | Red Hat Local Security Checks | critical |
34837 | Fedora 9 : thunderbird-2.0.0.18-1.fc9 (2008-9859) | Nessus | Fedora Local Security Checks | critical |
34836 | Fedora 8 : thunderbird-2.0.0.18-1.fc8 (2008-9807) | Nessus | Fedora Local Security Checks | critical |
4762 | Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | medium |
34819 | Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities | Nessus | Windows | high |
34778 | Fedora 9 : Miro-1.2.7-2.fc9 / cairo-dock-1.6.3.1-1.fc9.1 / chmsee-1.0.1-6.fc9 / devhelp-0.19.1-6.fc9 / etc (2008-9669) | Nessus | Fedora Local Security Checks | critical |
34777 | Fedora 8 : Miro-1.2.7-2.fc8 / blam-1.8.3-19.fc8 / cairo-dock-1.6.3.1-1.fc8.1 / chmsee-1.0.0-5.31.fc8 / etc (2008-9667) | Nessus | Fedora Local Security Checks | critical |
34771 | FreeBSD : mozilla -- multiple vulnerabilities (f29fea8f-b19f-11dd-a55e-00163e000016) | Nessus | FreeBSD Local Security Checks | critical |
4753 | SeaMonkey < 1.1.13 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
4752 | Mozilla Firefox 3.x < 3.0.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
4751 | Mozilla Firefox < 2.0.0.18 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
34768 | SeaMonkey < 1.1.13 Multiple Vulnerabilities | Nessus | Windows | high |
34767 | Firefox 3.0.x < 3.0.4 Multiple Vulnerabilities | Nessus | Windows | high |
34766 | Firefox < 2.0.0.18 Multiple Vulnerabilities | Nessus | Windows | high |
34764 | RHEL 4 / 5 : firefox (RHSA-2008:0978) | Nessus | Red Hat Local Security Checks | critical |
34763 | RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0977) | Nessus | Red Hat Local Security Checks | critical |
801316 | Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
800876 | SeaMonkey < 1.1.13 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
800751 | Firefox 3.x < 3.0.4 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
800741 | Firefox < 2.0.0.18 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |