Vulnerability Description
Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arora-Browser | Arora | 0.11.0 |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2011-3367?
CVE-2011-3367 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificat...
How severe is CVE-2011-3367?
CVE-2011-3367 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3367?
Check the references section above for vendor advisories and patch information. Affected products include: Arora-Browser Arora.