PT-2011-4559 · Mozilla+2 · Firefox+3

Published: 2011-11-08 · Updated: 2024-12-12 · CVE-2011-3648

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 3.6.24 and 4.x through 7.0
Thunderbird versions prior to 3.1.6 and 5.0 through 7.0

Description

The issue allows remote attackers to inject arbitrary web script or HTML through crafted text with Shift JIS encoding, potentially leading to cross-site scripting (XSS) attacks in which the attacker's chosen script or HTML is executed.

Recommendations

For Mozilla Firefox versions prior to 3.6.24, update to version 3.6.24 or later.
For Mozilla Firefox versions 4.x through 7.0, update to a version later than 7.0.
For Thunderbird versions prior to 3.1.6, update to version 3.1.6 or later.
For Thunderbird versions 5.0 through 7.0, update to a version later than 7.0.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2011-3648
DSA-2341-1
DSA-2342-1
DSA-2345-1
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2011:1437
RHSA-2011:1438
RHSA-2011:1439
RHSA-2011:1440
RHSA-2011_1437
RHSA-2011_1438
RHSA-2011_1439
RHSA-2011_1440

Affected Products

Firefox
Red Hat
Suse
Thunderbird