Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2011-3640
Modified
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-28 Oct, 2011 | 02:49
Updated At-29 Apr, 2026 | 01:13

Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.1HIGH
AV:N/AC:H/Au:S/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.1
Base severity: HIGH
Vector:
AV:N/AC:H/Au:S/C:C/I:C/A:C
CPE Matches
Google LLC
google
>>chrome>>Versions before 17.0(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>-
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-426Primarynvd@nist.gov
CWE ID: CWE-426
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.htmlsecalert@redhat.com
Exploit
Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=97426secalert@redhat.com
Exploit
Issue Tracking
Patch
Vendor Advisory
http://securityreason.com/securityalert/8483secalert@redhat.com
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=641052secalert@redhat.com
Issue Tracking
Patch
Third Party Advisory
https://hermes.opensuse.org/messages/13154861secalert@redhat.com
Broken Link
https://hermes.opensuse.org/messages/13155432secalert@redhat.com
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414secalert@redhat.com
Third Party Advisory
http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=97426af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Patch
Vendor Advisory
http://securityreason.com/securityalert/8483af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=641052af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Third Party Advisory
https://hermes.opensuse.org/messages/13154861af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://hermes.opensuse.org/messages/13155432af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
Source: secalert@redhat.com
Resource:
Exploit
Third Party Advisory
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=97426
Source: secalert@redhat.com
Resource:
Exploit
Issue Tracking
Patch
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/8483
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=641052
Source: secalert@redhat.com
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://hermes.opensuse.org/messages/13154861
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: https://hermes.opensuse.org/messages/13155432
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=97426
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Patch
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/8483
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=641052
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://hermes.opensuse.org/messages/13154861
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://hermes.opensuse.org/messages/13155432
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Change History
0Changes found
Details not found