Google Chrome Mozilla Network Security Services Privilege Escalation Vulnerability (Mac OS X) Network Vulnerability

Summary

The host is installed with Google Chrome and is prone to privilege escalation vulnerability

Impact

Successful exploitation will let the local attacker to execute arbitrary code with an elevated privileges. Impact Level: System/Application

Solution

Upgrade to the Google Chrome 17 or later, For updates refer to http://www.google.com/chrome

Insight

The flaw is due to an error in the Mozilla Network Security Services (NSS) library, which can be exploited by sending Trojan horse pkcs11.txt file in a top-level directory.

Affected

Google Chrome version 16.0.912.21 and prior on Mac OS X

References

http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
http://code.google.com/p/chromium/issues/detail?id=97426
https://bugzilla.mozilla.org/show_bug.cgi?id=641052

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3640

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Code Execution and DoS Vulnerabilities (Windows)
Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities - Mac OS X
Adobe Acrobat Multiple Vulnerabilities - Mac OS X
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)

Take action and discover your vulnerabilities