Vulnerability Details : CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2011-3881
Probability of exploitation activity in the next 30 days: 0.48%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 %
CVSS scores for CVE-2011-3881
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2011-3881
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3881
- http://code.google.com/p/chromium/issues/detail?id=96047
  Sign in - Google Accounts (Permissions Required)
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
  Apple - Lists.apple.com (Mailing List; Third Party Advisory)
- http://code.google.com/p/chromium/issues/detail?id=99750
  Sign in - Google Accounts (Permissions Required)
- http://secunia.com/advisories/48288
  Sign in (Third Party Advisory)
- http://code.google.com/p/chromium/issues/detail?id=98053
  Sign in - Google Accounts (Permissions Required)
- http://secunia.com/advisories/48377
  Sign in (Third Party Advisory)
- http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html
  Miscellaneous Ramblings of A Ethical Hacker (Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
  Apple - Lists.apple.com (Mailing List; Third Party Advisory)
- https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef
  109d59bf6fe4abfd001fc60ddd403f1046b117ef - platform/external/webkit - Git at Google (Patch; Third Party Advisory)
- http://code.google.com/p/chromium/issues/detail?id=96885
  Sign in - Google Accounts (Permissions Required)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70959
  Google Chrome security bypass CVE-2011-3881 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
  Chrome Releases: Chrome Stable Release (Vendor Advisory)
- http://www.securitytracker.com/id?1026774
  Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information - SecurityTracker (Third Party Advisory; VDB Entry)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12940
  Repository / Oval Repository (Third Party Advisory)
- http://code.google.com/p/chromium/issues/detail?id=99512
  Sign in - Google Accounts (Permissions Required)
Products affected by CVE-2011-3881
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*