Announced November 8, 2011 Reporter Yosuke Hasegawa Impact High Products Firefox, SeaMonkey, Thunderbird Fixed in Firefox 3.6.24 Firefox 8 SeaMonkey 2.5 Thunderbird 3.1.16 Thunderbird 8 Description Yosuke Hasegawa reported that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. When encountering an invalid pair Mozilla would turn the entire two-byte sequence into a
![Potential XSS against sites using Shift-JIS](https://cdn-ak-scissors.b.st-hatena.com/image/square/fc90bbf8e8515c22f771e6a1d7f1a6a909ced87c/height=288;version=1;width=512/https%3A%2F%2Fwww.mozilla.org%2Fmedia%2Fimg%2Fmozorg%2Fmozilla-256.4720741d4108.jpg)