6.5 Medium
AI Score
Confidence
Low
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
48.5%
DISPUTED Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor’s response was “Strange behavior, but we’re not treating this as a security bug.”
blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html
securityreason.com/securityalert/8483
bugzilla.mozilla.org/show_bug.cgi?id=641052
code.google.com/p/chromium/issues/detail?id=97426
hermes.opensuse.org/messages/13154861
hermes.opensuse.org/messages/13155432
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414