CVE-2011-3640

EUVD-2011-3599
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
< 17.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nss
bookworm
2:3.87.1-1
fixed
bullseye
2:3.61-1+deb11u3
fixed
bullseye (security)
2:3.61-1+deb11u4
fixed
lenny
no-dsa
sid
2:3.105-2
fixed
squeeze
no-dsa
trixie
2:3.105-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
hardy
dne
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
nss
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
not-affected
Common Weakness Enumeration
References
http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
http://code.google.com/p/chromium/issues/detail?id=97426
http://securityreason.com/securityalert/8483
https://bugzilla.mozilla.org/show_bug.cgi?id=641052
https://hermes.opensuse.org/messages/13154861
https://hermes.opensuse.org/messages/13155432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414
http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
http://code.google.com/p/chromium/issues/detail?id=97426
http://securityreason.com/securityalert/8483
https://bugzilla.mozilla.org/show_bug.cgi?id=641052
https://hermes.opensuse.org/messages/13154861
https://hermes.opensuse.org/messages/13155432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414