PT-2011-4559 · Mozilla+2 · Firefox+3

Publicado

2011-11-08

·

Atualizado

2024-12-12

·

CVE-2011-3648

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 3.6.24 and 4.x through 7.0 Thunderbird versions prior to 3.1.6 and 5.0 through 7.0
Description The issue allows remote attackers to inject arbitrary web script or HTML code through crafted text with Shift JIS encoding, potentially leading to cross-site scripting (XSS) attacks. This could enable attackers to execute their chosen web script or HTML code.
Recommendations For Mozilla Firefox versions prior to 3.6.24, update to version 3.6.24 or later. For Mozilla Firefox versions 4.x through 7.0, update to a version later than 7.0. For Thunderbird versions prior to 3.1.6, update to version 3.1.6 or later. For Thunderbird versions 5.0 through 7.0, update to a version later than 7.0.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2011-3648
DSA-2341-1
DSA-2342-1
DSA-2345-1
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2011:1437
RHSA-2011:1438
RHSA-2011:1439
RHSA-2011:1440
RHSA-2011_1437
RHSA-2011_1438
RHSA-2011_1439
RHSA-2011_1440

Produtos afetados

Firefox
Red Hat
Suse
Thunderbird