Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability
BID:50593
Info
Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability
| Bugtraq ID: | 50593 |
| Class: | Input Validation Error |
| CVE: |
CVE-2011-3648 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 08 2011 12:00AM |
| Updated: | Sep 16 2014 08:28PM |
| Credit: | Yosuke Hasegawa |
| Vulnerable: |
Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Server for VMware 11 SP1 SuSE SUSE Linux Enterprise Server 11 SP1 SuSE SUSE Linux Enterprise Server 10 SP4 SuSE SUSE Linux Enterprise SDK 11 SP1 SuSE SUSE Linux Enterprise SDK 10 SP4 SuSE SUSE Linux Enterprise Desktop 11 SP1 SuSE SUSE Linux Enterprise Desktop 10 SP4 SuSE openSUSE 11.4 SuSE openSUSE 11.3 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux ES 4 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop version 4 Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 Oracle Enterprise Linux 4 Mozilla Thunderbird 3.1.12 Mozilla Thunderbird 3.1.7 Mozilla Thunderbird 3.1.5 Mozilla Thunderbird 3.1.5 Mozilla Thunderbird 3.1.4 Mozilla Thunderbird 7.0 Mozilla Thunderbird 6 Mozilla Thunderbird 6 Mozilla Thunderbird 5 Mozilla Thunderbird 3.1.9 Mozilla Thunderbird 3.1.8 Mozilla Thunderbird 3.1.7 Mozilla Thunderbird 3.1.6 Mozilla Thunderbird 3.1.3 Mozilla Thunderbird 3.1.2 Mozilla Thunderbird 3.1.2 Mozilla Thunderbird 3.1.15 Mozilla Thunderbird 3.1.11 Mozilla Thunderbird 3.1.10 Mozilla Thunderbird 3.1.1 Mozilla Thunderbird 3.1 Mozilla Firefox 3.6.13 Mozilla Firefox 3.6.13 Mozilla Firefox 3.6.10 Mozilla Firefox 3.6.9 Mozilla Firefox 3.6.8 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.4 Mozilla Firefox 3.6.3 Mozilla Firefox 3.6.2 Mozilla Firefox 3.6.2 Mozilla Firefox 7 Mozilla Firefox 6 Mozilla Firefox 5.0 Mozilla Firefox 4.0.1 Mozilla Firefox 4.0 Beta1 Mozilla Firefox 4.0 Beta1 Mozilla Firefox 4.0 Mozilla Firefox 3.6.7 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.23 Mozilla Firefox 3.6.20 Mozilla Firefox 3.6.19 Mozilla Firefox 3.6.18 Mozilla Firefox 3.6.17 Mozilla Firefox 3.6.16 Mozilla Firefox 3.6.15 Mozilla Firefox 3.6.14 Mozilla Firefox 3.6.12 Mozilla Firefox 3.6.11 Mozilla Firefox 3.6 Beta 3 Mozilla Firefox 3.6 Beta 2 Mozilla Firefox 3.6 Moonchild Productions Pale Moon 3.6.26 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Avaya Messaging Storage Server 5.2.8 Avaya Messaging Storage Server 5.2.2 Avaya Messaging Storage Server 5.2 SP3 Avaya Messaging Storage Server 5.2 SP2 Avaya Messaging Storage Server 5.2 SP1 Avaya Messaging Storage Server 5.2 Avaya Messaging Storage Server 5.1 SP2 Avaya Messaging Storage Server 5.1 SP1 Avaya Messaging Storage Server 5.1 Avaya Messaging Storage Server 5.0 Avaya Messaging Storage Server 4.0 Avaya Message Networking 5.2.1 Avaya Message Networking 5.2.4 Avaya Message Networking 5.2.3 Avaya Message Networking 5.2.2 Avaya Message Networking 5.2 SP1 Avaya Message Networking 5.2 Avaya Message Networking 3.1 |
| Not Vulnerable: |
Mozilla Thunderbird 8.0 Mozilla Thunderbird 3.1.16 Mozilla Firefox 8.0 Mozilla Firefox 3.6.24 Moonchild Productions Pale Moon 3.6.27 |
Discussion
Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability
Mozilla Firefox and Thunderbird are prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
This issue is fixed in:
Firefox 8.0
Firefox 3.6.24
Thunderbird 8.0
Thunderbird 3.1.16
Mozilla Firefox and Thunderbird are prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
This issue is fixed in:
Firefox 8.0
Firefox 3.6.24
Thunderbird 8.0
Thunderbird 3.1.16
Exploit / POC
Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability
References:
References:
- firefox security update (RHSA-2011-1437) (Avaya)
- Mozilla Firefox Homepage (Mozilla)
- Pale Moon: Release notes 3.6 (Moonchild Productions )
- Thunderbird Homepage (Mozilla)
- MFSA 2011-47 Mozilla Foundation Security Advisory 2011-47 (Mozilla)