Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2011-3648 to a friend New vulnerability? New tool? Tell us	CVE-2011-3648 Mozilla Firefox and Thunderbird Shift-JIS Encoding HTML Injection Vulnerability     Credit: The original article can be found at: http://www.securityfocus.com/bid/50593 The information has been provided by Yosuke Hasegawa Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2011-3648 Details Check for CVE-2011-3648 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Mozilla Thunderbird 3.1.12  * Mozilla Thunderbird 3.1.7  * Mozilla Thunderbird 3.1.5  * Mozilla Thunderbird 3.1.5  * Mozilla Thunderbird 3.1.4  * Mozilla Thunderbird 7.0  * Mozilla Thunderbird 6  * Mozilla Thunderbird 6  * Mozilla Thunderbird 5  * Mozilla Thunderbird 3.1.9  * Mozilla Thunderbird 3.1.8  * Mozilla Thunderbird 3.1.7  * Mozilla Thunderbird 3.1.6  * Mozilla Thunderbird 3.1.3  * Mozilla Thunderbird 3.1.2  * Mozilla Thunderbird 3.1.2  * Mozilla Thunderbird 3.1.15  * Mozilla Thunderbird 3.1.11  * Mozilla Thunderbird 3.1.10  * Mozilla Thunderbird 3.1.1  * Mozilla Thunderbird 3.1  * Mozilla Firefox 3.6.13  * Mozilla Firefox 3.6.13  * Mozilla Firefox 3.6.10  * Mozilla Firefox 3.6.9  * Mozilla Firefox 3.6.8  * Mozilla Firefox 3.6.6  * Mozilla Firefox 3.6.4  * Mozilla Firefox 3.6.3  * Mozilla Firefox 3.6.2  * Mozilla Firefox 3.6.2  * Mozilla Firefox 7  * Mozilla Firefox 6  * Mozilla Firefox 5.0  * Mozilla Firefox 4.0.1  * Mozilla Firefox 4.0 Beta1  * Mozilla Firefox 4.0 Beta1  * Mozilla Firefox 4.0  * Mozilla Firefox 3.6.7  * Mozilla Firefox 3.6.6  * Mozilla Firefox 3.6.23  * Mozilla Firefox 3.6.20  * Mozilla Firefox 3.6.19  * Mozilla Firefox 3.6.18  * Mozilla Firefox 3.6.17  * Mozilla Firefox 3.6.16  * Mozilla Firefox 3.6.15  * Mozilla Firefox 3.6.14  * Mozilla Firefox 3.6.12  * Mozilla Firefox 3.6.11  * Mozilla Firefox 3.6 Beta 3  * Mozilla Firefox 3.6 Beta 2  * Mozilla Firefox 3.6 Non-Vulnerable Systems:  * Mozilla Thunderbird 8.0  * Mozilla Thunderbird 3.1.16  * Mozilla Firefox 8.0  * Mozilla Firefox 3.6.24 Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Vendor Status: Mozilla as issued an update for this vulnerablity Patch Availability: http://www.mozilla.org/en-US/products/download.html?product=firefox-12.0&os=win&lang=en-US CVE Information: CVE-2011-3648 Disclosure Timeline: Initial Release Nov 08 2011  Comments on CVE-2011-3648:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®