Mozilla Foundation Security Advisory 2011-47

2011-11-25T00:00:00
ID SECURITYVULNS:DOC:27343
Type securityvulns
Reporter Securityvulns
Modified 2011-11-25T00:00:00

Description

Mozilla Foundation Security Advisory 2011-47

Title: Potential XSS against sites using Shift-JIS Impact: High Announced: November 8, 2011 Reporter: Yosuke Hasegawa Products: Firefox, Thunderbird

Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description

Yosuke Hasegawa reported that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. When encountering an invalid pair Mozilla would turn the entire two-byte sequence into a single unknown character rather than an unknown character followed by a valid single-byte character. On some sites attackers may have been able to end their input with the first byte of a two byte sequence; when that input was later put into a page context it might cause the following delimiter (such as a double-quote) to be consumed, breaking the format of the page. Depending on the page this could potentially be used to steal data or inject script into the page.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=690225 CVE-2011-3648