SUSE CVE-2011-3367

Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name CN of a certificate via rich text...

Fedora Update for arora FEDORA-2011-14719

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)

Fixes CVE-2011-3367, an input validation flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 16 : arora-0.11.0-3.fc16 (2011-14719)

Fixes CVE-2011-3367, an input validation flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVE-2011-3367

CVE-2011-3367 concerns Arora (possibly 0.11 and related builds), where rendering certificate fields in a security dialog does not use a specific font, allowing a remote attacker to spoof the certificate’s CN via rich text. Multiple connected advisories confirm Arora is the affected component and ...

Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM

I recently discovered that various Qt applications including KSSL the KDE class library responsible for SSL negotiation, Rekonq, Arora and Psi IM are vulnerable to UI spoofing due to their use of QLabel objects to render externally controlled security critical information. The primary area of...