Lucene search

MitreCVE-2011-0778

HistoryFeb 04, 2011 - 6:00 p.m.

CVE-2011-0778

2011-02-0418:00:03

CWE-264

mitre

web.nvd.nist.gov

cve-2011-0778

google chrome

same origin policy

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

Affected configurations

Nvd

Node

googlechromeRange≤9.0.597.83

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::

References

code.google.com/p/chromium/issues/detail?id=59081

googlechromereleases.blogspot.com/2011/02/stable-channel-update.html

lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

secunia.com/advisories/43368

www.debian.org/security/2011/dsa-2166

www.debian.org/security/2011/dsa-2188

www.vupen.com/english/advisories/2011/0408

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14228

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Related for CVE-2011-0778