1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
Candidate: CVE-2008-5024
PublicDate: 2008-11-13
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024
http://www.ubuntu.com/usn/usn-667-1
http://www.ubuntu.com/usn/usn-668-1
Description:
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird
2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape
quote characters used for XML processing, which allows remote attackers to
conduct XML injection attacks via the default namespace in an E4X document.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to: asac
Patches_firefox:
upstream_firefox: released (2.0.0.18)
dapper_firefox: released (1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1)
gutsy_firefox: released (2.0.0.18+nobinonly-0ubuntu0.7.10)
hardy_firefox: released (2.0.0.18+nobinonly-0ubuntu0.8.04.1)
intrepid_firefox: DNE
devel_firefox: DNE
Patches_firefox-3.0:
upstream_firefox-3.0: needs-triage
dapper_firefox-3.0: DNE
gutsy_firefox-3.0: needed (reached end-of-life)
hardy_firefox-3.0: released (3.0.4+nobinonly-0ubuntu0.8.04.1)
intrepid_firefox-3.0: released (3.0.4+nobinonly-0ubuntu0.8.10.1)
devel_firefox-3.0: released (3.0.4+nobinonly-0ubuntu2)
Patches_iceweasel:
upstream_iceweasel: needs-triage
dapper_iceweasel: DNE
gutsy_iceweasel: DNE
hardy_iceweasel: DNE
intrepid_iceweasel: DNE
devel_iceweasel: DNE
Patches_xulrunner:
upstream_xulrunner: needs-triage
dapper_xulrunner: DNE
gutsy_xulrunner: released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
hardy_xulrunner: released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1)
intrepid_xulrunner: released (1.8.1.16+nobinonly-0ubuntu1)
devel_xulrunner: released (1.8.1.16+nobinonly-0ubuntu1)
Patches_xulrunner-1.9:
upstream_xulrunner-1.9: released (1.9.0.4)
dapper_xulrunner-1.9: DNE
gutsy_xulrunner-1.9: needed (reached end-of-life)
hardy_xulrunner-1.9: released (1.9.0.4+nobinonly-0ubuntu0.8.04.1)
intrepid_xulrunner-1.9: released (1.9.0.4+nobinonly-0ubuntu0.8.10.1)
devel_xulrunner-1.9: released (1.9.0.4+nobinonly-0ubuntu1)
Patches_seamonkey:
upstream_seamonkey: released (1.1.13)
dapper_seamonkey: DNE
gutsy_seamonkey: DNE
hardy_seamonkey: released (1.1.15+nobinonly-0ubuntu0.8.04.2)
intrepid_seamonkey: released (1.1.15+nobinonly-0ubuntu0.8.10.2)
devel_seamonkey: released (1.1.13+nobinonly-0ubuntu1)
Patches_iceape:
upstream_iceape: released (1.1.13)
dapper_iceape: DNE
gutsy_iceape: needed (reached end-of-life)
hardy_iceape: DNE
intrepid_iceape: DNE
devel_iceape: DNE
Patches_thunderbird:
upstream_thunderbird: released (2.0.0.18)
dapper_thunderbird: DNE
gutsy_thunderbird: released (2.0.0.18+nobinonly-0ubuntu0.7.10.1)
hardy_thunderbird: released (2.0.0.18+nobinonly-0ubuntu0.8.04.1)
intrepid_thunderbird: released (2.0.0.18+nobinonly-0ubuntu0.8.10.1)
devel_thunderbird: released (2.0.0.18+nobinonly-0ubuntu1)
Patches_mozilla-thunderbird:
upstream_mozilla-thunderbird: needs-triage
dapper_mozilla-thunderbird: released (1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1)
gutsy_mozilla-thunderbird: DNE
hardy_mozilla-thunderbird: DNE
intrepid_mozilla-thunderbird: DNE
devel_mozilla-thunderbird: DNE
Patches_icedove:
upstream_icedove: needs-triage
dapper_icedove: DNE
gutsy_icedove: DNE
hardy_icedove: DNE
intrepid_icedove: DNE
devel_icedove: DNE
|