CVE-2011-3367

medium

Description

Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

References

http://www.securityfocus.com/archive/1/520041

Details

Source: MITRE

Published: 2011-11-29

Updated: 2011-11-30

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM