VulnerableCode Vulnerability Details - VCID-9f45-79mn-3ug8

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-9f45-79mn-3ug8

Essentials
Severities (2)
References (14)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-9f45-79mn-3ug8
Aliases	CVE-2011-3648
Summary	Yosuke Hasegawa reported that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. When encountering an invalid pair Mozilla would turn the entire two-byte sequence into a single unknown character rather than an unknown character followed by a valid single-byte character. On some sites attackers may have been able to end their input with the first byte of a two byte sequence; when that input was later put into a page context it might cause the following delimiter (such as a double-quote) to be consumed, breaking the format of the page. Depending on the page this could potentially be used to steal data or inject script into the page.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

System	Score	Found at
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2011-3648
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2011-47

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3648.json
		https://api.first.org/data/v1/epss?cve=CVE-2011-3648
751932		https://bugzilla.redhat.com/show_bug.cgi?id=751932
CVE-2011-3648		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648
GLSA-201301-01		https://security.gentoo.org/glsa/201301-01
mfsa2011-47		https://www.mozilla.org/en-US/security/advisories/mfsa2011-47
RHSA-2011:1437		https://access.redhat.com/errata/RHSA-2011:1437
RHSA-2011:1438		https://access.redhat.com/errata/RHSA-2011:1438
RHSA-2011:1439		https://access.redhat.com/errata/RHSA-2011:1439
RHSA-2011:1440		https://access.redhat.com/errata/RHSA-2011:1440
USN-1251-1		https://usn.ubuntu.com/1251-1/
USN-1254-1		https://usn.ubuntu.com/1254-1/
USN-1277-1		https://usn.ubuntu.com/1277-1/
USN-1282-1		https://usn.ubuntu.com/1282-1/

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.56853
EPSS Score	0.00338
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:27:52.745982+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2011/mfsa2011-47.md	38.6.0