Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value


Disclosure Date: November 13, 2008 (last updated June 05, 2020)
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before, Thunderbird 2.x before, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.