NVD脆弱性詳細

CVE-2008-5024

概要	Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
概要	Mozilla Firefox 3.x antes de 3.0.4, Firefox 2.x antes de 2.0.0.18, Thunderbird 2.x antes de 2.0.0.18, Y SeaMonkey 1.x antes de 1.1.13 no escapan de manera apropiada los caracteres usados para el procesamiento XML, lo que permite a atacantes remotos realizar ataques de inyección de XML a través del espacio de nombres por defecto en un documento E4X.
公表日	2008年11月13日20:30
登録日	2021年1月29日13:45
最終更新日	2026年4月23日9:35

CVSS2.0 : HIGH
スコア	7.5
ベクター	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	はい
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox::::::::	2.0			2.0.0.18
cpe:2.3:a:mozilla:firefox::::::::	3.0			3.0.4
cpe:2.3:a:mozilla:seamonkey::::::::	1.0			1.1.13
cpe:2.3:a:mozilla:thunderbird::::::::	2.0			2.0.0.18
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*

関連情報、対策とツール

No	URL	refsource
1	http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html	secalert@redhat.com
2	http://secunia.com/advisories/32684	secalert@redhat.com
3	http://secunia.com/advisories/32693	secalert@redhat.com
4	http://secunia.com/advisories/32694	secalert@redhat.com
5	http://secunia.com/advisories/32695	secalert@redhat.com
6	http://secunia.com/advisories/32713	secalert@redhat.com
7	http://secunia.com/advisories/32714	secalert@redhat.com
8	http://secunia.com/advisories/32715	secalert@redhat.com
9	http://secunia.com/advisories/32721	secalert@redhat.com
10	http://secunia.com/advisories/32778	secalert@redhat.com
11	http://secunia.com/advisories/32798	secalert@redhat.com
12	http://secunia.com/advisories/32845	secalert@redhat.com
13	http://secunia.com/advisories/32853	secalert@redhat.com
14	http://secunia.com/advisories/33433	secalert@redhat.com
15	http://secunia.com/advisories/33434	secalert@redhat.com
16	http://secunia.com/advisories/34501	secalert@redhat.com
17	http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1	secalert@redhat.com
18	http://ubuntu.com/usn/usn-667-1	secalert@redhat.com
19	http://www.debian.org/security/2008/dsa-1669	secalert@redhat.com
20	http://www.debian.org/security/2008/dsa-1671	secalert@redhat.com
21	http://www.debian.org/security/2009/dsa-1696	secalert@redhat.com
22	http://www.debian.org/security/2009/dsa-1697	secalert@redhat.com
23	http://www.mandriva.com/security/advisories?name=MDVSA-2008:228	secalert@redhat.com
24	http://www.mandriva.com/security/advisories?name=MDVSA-2008:230	secalert@redhat.com
25	http://www.mandriva.com/security/advisories?name=MDVSA-2008:235	secalert@redhat.com
26	http://www.mozilla.org/security/announce/2008/mfsa2008-58.html	secalert@redhat.com
27	http://www.redhat.com/support/errata/RHSA-2008-0976.html	secalert@redhat.com
28	http://www.redhat.com/support/errata/RHSA-2008-0977.html	secalert@redhat.com
29	http://www.redhat.com/support/errata/RHSA-2008-0978.html	secalert@redhat.com
30	http://www.securityfocus.com/bid/32281	secalert@redhat.com
31	http://www.securitytracker.com/id?1021192	secalert@redhat.com
32	http://www.us-cert.gov/cas/techalerts/TA08-319A.html	secalert@redhat.com
33	http://www.vupen.com/english/advisories/2008/3146	secalert@redhat.com
34	http://www.vupen.com/english/advisories/2009/0977	secalert@redhat.com
35	https://bugzilla.mozilla.org/show_bug.cgi?id=453915	secalert@redhat.com
36	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063	secalert@redhat.com
37	https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html	secalert@redhat.com
38	https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html	secalert@redhat.com
39	http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
40	http://secunia.com/advisories/32684	af854a3a-2127-422b-91ae-364da2661108
41	http://secunia.com/advisories/32693	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/32694	af854a3a-2127-422b-91ae-364da2661108
43	http://secunia.com/advisories/32695	af854a3a-2127-422b-91ae-364da2661108
44	http://secunia.com/advisories/32713	af854a3a-2127-422b-91ae-364da2661108
45	http://secunia.com/advisories/32714	af854a3a-2127-422b-91ae-364da2661108
46	http://secunia.com/advisories/32715	af854a3a-2127-422b-91ae-364da2661108
47	http://secunia.com/advisories/32721	af854a3a-2127-422b-91ae-364da2661108
48	http://secunia.com/advisories/32778	af854a3a-2127-422b-91ae-364da2661108
49	http://secunia.com/advisories/32798	af854a3a-2127-422b-91ae-364da2661108
50	http://secunia.com/advisories/32845	af854a3a-2127-422b-91ae-364da2661108
51	http://secunia.com/advisories/32853	af854a3a-2127-422b-91ae-364da2661108
52	http://secunia.com/advisories/33433	af854a3a-2127-422b-91ae-364da2661108
53	http://secunia.com/advisories/33434	af854a3a-2127-422b-91ae-364da2661108
54	http://secunia.com/advisories/34501	af854a3a-2127-422b-91ae-364da2661108
55	http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1	af854a3a-2127-422b-91ae-364da2661108
56	http://ubuntu.com/usn/usn-667-1	af854a3a-2127-422b-91ae-364da2661108
57	http://www.debian.org/security/2008/dsa-1669	af854a3a-2127-422b-91ae-364da2661108
58	http://www.debian.org/security/2008/dsa-1671	af854a3a-2127-422b-91ae-364da2661108
59	http://www.debian.org/security/2009/dsa-1696	af854a3a-2127-422b-91ae-364da2661108
60	http://www.debian.org/security/2009/dsa-1697	af854a3a-2127-422b-91ae-364da2661108
61	http://www.mandriva.com/security/advisories?name=MDVSA-2008:228	af854a3a-2127-422b-91ae-364da2661108
62	http://www.mandriva.com/security/advisories?name=MDVSA-2008:230	af854a3a-2127-422b-91ae-364da2661108
63	http://www.mandriva.com/security/advisories?name=MDVSA-2008:235	af854a3a-2127-422b-91ae-364da2661108
64	http://www.mozilla.org/security/announce/2008/mfsa2008-58.html	af854a3a-2127-422b-91ae-364da2661108
65	http://www.redhat.com/support/errata/RHSA-2008-0976.html	af854a3a-2127-422b-91ae-364da2661108
66	http://www.redhat.com/support/errata/RHSA-2008-0977.html	af854a3a-2127-422b-91ae-364da2661108
67	http://www.redhat.com/support/errata/RHSA-2008-0978.html	af854a3a-2127-422b-91ae-364da2661108
68	http://www.securityfocus.com/bid/32281	af854a3a-2127-422b-91ae-364da2661108
69	http://www.securitytracker.com/id?1021192	af854a3a-2127-422b-91ae-364da2661108
70	http://www.us-cert.gov/cas/techalerts/TA08-319A.html	af854a3a-2127-422b-91ae-364da2661108
71	http://www.vupen.com/english/advisories/2008/3146	af854a3a-2127-422b-91ae-364da2661108
72	http://www.vupen.com/english/advisories/2009/0977	af854a3a-2127-422b-91ae-364da2661108
73	https://bugzilla.mozilla.org/show_bug.cgi?id=453915	af854a3a-2127-422b-91ae-364da2661108
74	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063	af854a3a-2127-422b-91ae-364da2661108
75	https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html	af854a3a-2127-422b-91ae-364da2661108
76	https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-91	ブラインド XPath インジェクション	https://cwe.mitre.org/data/definitions/91.html