CVE-2011-3640

Published: 28/10/2011 Updated: 17/05/2024
CVSS v2 Base Score: 7.1 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 632
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Summary

Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome prior to 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Vulnerable Product

google chrome

Vendor Advisories

Debian Bug report logs - #647614: CVE-2011-3640. Package: nss; Maintainer for nss is Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>; Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>; Date: Fri, 4 Nov 2011 14:45:04 UTC; Severity: normal; Tags: security; Fixed in versions nss/313 ...
This update to the NSS cryptographic libraries revokes the trust in the DigiCert Sdn. Bhd certificate authority. More information can be found in the Mozilla Security Blog. This update also fixes an insecure load path for pkcs11.txt configuration file (CVE-2011-3640). For the oldstable distribution (lenny), this problem has been fixed in version 3 ...