CVE-2011-3648
Published: 9 November 2011
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(3.6.24+build2+nobinonly-0ubuntu0.10.04.1)
|
|
maverick |
Released
(3.6.24+build2+nobinonly-0ubuntu0.10.10.1)
|
|
natty |
Released
(8.0+build1-0ubuntu0.11.04.3)
|
|
oneiric |
Released
(8.0+build1-0ubuntu0.11.10.3)
|
|
precise |
Not vulnerable
(9.0~b2+build1-0ubuntu1)
|
|
quantal |
Not vulnerable
(9.0~b2+build1-0ubuntu1)
|
|
raring |
Not vulnerable
(9.0~b2+build1-0ubuntu1)
|
|
saucy |
Not vulnerable
(9.0~b2+build1-0ubuntu1)
|
|
upstream |
Needs triage
|
|
seamonkey Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
upstream |
Needs triage
|
|
thunderbird Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(3.1.16+build2+nobinonly-0ubuntu0.10.04.1)
|
|
maverick |
Released
(3.1.16+build2+nobinonly-0ubuntu0.10.10.1)
|
|
natty |
Released
(3.1.16+build2+nobinonly-0ubuntu0.11.04.1)
|
|
oneiric |
Released
(8.0+build1-0ubuntu0.11.10.1)
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
upstream |
Needs triage
|
|
xulrunner-1.9.2 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(1.9.2.24+build2+nobinonly-0ubuntu0.10.04.1)
|
|
maverick |
Released
(1.9.2.24+build2+nobinonly-0ubuntu0.10.10.1)
|
|
natty |
Released
(1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
upstream |
Needs triage
|
|
xulrunner-2.0 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
upstream |
Needs triage
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648
- https://bugzilla.mozilla.org/show_bug.cgi?id=690225
- https://ubuntu.com/security/notices/USN-1251-1
- https://ubuntu.com/security/notices/USN-1277-1
- https://ubuntu.com/security/notices/USN-1282-1
- https://ubuntu.com/security/notices/USN-1254-1
- NVD
- Launchpad
- Debian