CVE-2011-3656 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 41.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedJun 2

Latest updateApr 22

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDmozilla/firefox4.0 — 7.0+1

🔴Vulnerability Details

GHSA

GHSA-pcv9-8f4w-qrgp: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3↗2022-04-22

▶

📋Vendor Advisories

Red Hat

Mozilla: Possible XSS via HTTP 0.9 errors and content-sniffing↗2011-11-09

▶

💬Community

Bugzilla

CVE-2011-3656 Mozilla: Possible XSS via HTTP 0.9 errors and content-sniffing↗2011-11-08

▶