Vulnerability Details : CVE-2011-3079
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
Products affected by CVE-2011-3079
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3079
0.84%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3079
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-3079
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3079
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14964
Repository / Oval Repository
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75271
Google Chrome IPC validation code execution CVE-2011-3079 Vulnerability Report
-
http://osvdb.org/81645
-
http://rhn.redhat.com/errata/RHSA-2015-1012.html
RHSA-2015:1012 - Security Advisory - Red Hat Customer Portal
-
http://www.securityfocus.com/bid/53309
Google Chrome Prior to 18.0.1025.168 Multiple Security Vulnerabilities
-
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
[security-announce] openSUSE-SU-2015:0892-1: important: Update to Firefo
-
http://www.debian.org/security/2015/dsa-3260
Debian -- Security Information -- DSA-3260-1 iceweasel
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1087565
1087565 - (CVE-2011-3079) IPC Channel does not validate the listener.
-
http://www.securitytracker.com/id?1027001
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
-
http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html
openSUSE-SU-2015:0934-1: moderate: Security update for MozillaFirefox
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
[security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
-
http://code.google.com/p/chromium/issues/detail?id=117627
117627 - Security: IPC Channel does not validate the listener. - chromium - Monorail
-
http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html
Chrome Releases: Stable Channel Update
-
http://www.mozilla.org/security/announce/2015/mfsa2015-57.html
Privilege escalation through IPC channel messages — Mozilla
-
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7
Security Advisories for Thunderbird — Mozilla
-
http://secunia.com/advisories/48992
Sign in
Jump to