CVE-2011-1187 — MEDIUM (5.0)

Q: What is CVE-2011-1187?

CVE-2011-1187 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

Q: How severe is CVE-2011-1187?

CVE-2011-1187 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1187?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.

Vulnerability Description

Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Google	Chrome	< 10.0.648.127
Mozilla	Firefox	< 12.0
Mozilla	Seamonkey	< 2.9
Mozilla	Thunderbird	< 12.0

Related Weaknesses (CWE)

CWE-200

References

http://code.google.com/p/chromium/issues/detail?id=69187ExploitIssue TrackingVendor Advisory
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.htmlVendor Advisory
http://secunia.com/advisories/48972Third Party Advisory
http://secunia.com/advisories/49047Third Party Advisory
http://secunia.com/advisories/49055Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-32.htmlThird Party Advisory
http://www.securityfocus.com/bid/46785Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2011/0628Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=624621ExploitIssue TrackingThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65951Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=69187ExploitIssue TrackingVendor Advisory
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.htmlVendor Advisory
http://secunia.com/advisories/48972Third Party Advisory
http://secunia.com/advisories/49047Third Party Advisory

FAQ

What is CVE-2011-1187?

CVE-2011-1187 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

How severe is CVE-2011-1187?

CVE-2011-1187 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1187?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.