Exploit the possiblities
Showing 1 - 13 of 13 RSS Feed

CVE-2011-3648

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.

Related Files

Ubuntu Security Notice USN-1254-1
Posted Dec 22, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1254-1 - It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Thunderbird 3.1. An attacker could potentially exploit a user who had installed an add-on that used loadSubscript in vulnerable ways. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
MD5 | 54d62594ca5f1739d2bdaee96d5aa8ad
Ubuntu Security Notice USN-1282-1
Posted Nov 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1282-1 - Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash Thunderbird, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service, javascript
systems | linux, ubuntu
advisories | CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
MD5 | 0f8be181a4741f28ef240fd3470242a0
Ubuntu Security Notice USN-1277-2
Posted Nov 24, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1277-2 - USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. Various other issues were addressed as well.

tags | advisory, web, denial of service, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
MD5 | 4c5cf8a2d6a455628518e110753cd9c8
Ubuntu Security Notice USN-1277-1
Posted Nov 24, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1277-1 - Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service, javascript
systems | linux, ubuntu
advisories | CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
MD5 | ec1bbab85b1672ddd6bdab441702f7fd
Debian Security Advisory 2345-1
Posted Nov 12, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2345-1 - Several vulnerabilities have been discovered in Icedove, a mail client based on Thunderbird.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
MD5 | bc8393b20a478498203137c18c33dfef
Ubuntu Security Notice USN-1251-1
Posted Nov 11, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1251-1 - It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. A malicious website could possibly use this flaw this to steal data or inject malicious scripts into web content. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650, CVE-2011-3004
MD5 | f188571b974464ebb92e478aeb093cc6
Mandriva Linux Security Advisory 2011-169
Posted Nov 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-169 - Security issues were identified and fixed in mozilla NSS, firefox and thunderbird. 22 weak 512-bit certificates issued by the DigiCert Sdn. Bhd certificate authority has been revoked from the root CA storage. Untrusted search path vulnerability in Mozilla Network Security Services might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. Cross-site scripting vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, local, root, trojan, xss
systems | linux, mandriva
advisories | CVE-2011-3640, CVE-2011-3647, CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
MD5 | e1ba60163ff2de637296e552394bcc62
Debian Security Advisory 2342-1
Posted Nov 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2342-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
MD5 | 29e08a0d7f0ff415d109dce47ab10613
Debian Security Advisory 2341-1
Posted Nov 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2341-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
MD5 | d6567ff4e985192d6a059acd490abcb8
Red Hat Security Advisory 2011-1440-01
Posted Nov 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1440-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A cross-site scripting flaw was found in the way SeaMonkey handled certain multibyte character sets. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.

tags | advisory, web, javascript, xss
systems | linux, redhat
advisories | CVE-2011-3648
MD5 | 1ba5703d30377b8d5a2cb56538fbfd06
Red Hat Security Advisory 2011-1439-01
Posted Nov 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1439-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled certain add-ons. Malicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content.

tags | advisory, remote, arbitrary, javascript, code execution, xss
systems | linux, redhat
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
MD5 | fbdf33a32b62313e33833a825a695fd6
Red Hat Security Advisory 2011-1438-01
Posted Nov 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1438-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. Note: This issue cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

tags | advisory, remote, javascript, xss
systems | linux, redhat
advisories | CVE-2011-3648
MD5 | 296d04159cec16a7e2c1f8c6677791f2
Red Hat Security Advisory 2011-1437-01
Posted Nov 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1437-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to arbitrary code execution with the privileges of the user running Firefox. A cross-site scripting flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website.

tags | advisory, web, arbitrary, javascript, code execution, xss
systems | linux, redhat
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
MD5 | 8d6fb71961dd27ee0b6044e17d02c17a
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close