CVE-2011-3079

critical

Description

The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.

References

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14964

https://exchange.xforce.ibmcloud.com/vulnerabilities/75271

https://bugzilla.mozilla.org/show_bug.cgi?id=1087565

http://www.securitytracker.com/id?1027001

http://www.securityfocus.com/bid/53309

http://www.mozilla.org/security/announce/2015/mfsa2015-57.html

http://www.debian.org/security/2015/dsa-3260

http://secunia.com/advisories/48992

http://rhn.redhat.com/errata/RHSA-2015-1012.html

http://osvdb.org/81645

http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html

http://code.google.com/p/chromium/issues/detail?id=117627

Details

Source: Mitre, NVD

Published: 2012-05-01

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H