CVE-2011-3079

high

Description

The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.

References

http://code.google.com/p/chromium/issues/detail?id=117627

http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html

http://osvdb.org/81645

http://rhn.redhat.com/errata/RHSA-2015-1012.html

http://secunia.com/advisories/48992

http://www.debian.org/security/2015/dsa-3260

http://www.mozilla.org/security/announce/2015/mfsa2015-57.html

http://www.securityfocus.com/bid/53309

http://www.securitytracker.com/id?1027001

https://bugzilla.mozilla.org/show_bug.cgi?id=1087565

https://exchange.xforce.ibmcloud.com/vulnerabilities/75271

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14964

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7

Details

Source: MITRE

Published: 2012-05-01

Updated: 2018-10-30

Type: CWE-399

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH