ID CVE-2011-3105
Summary Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
References
Vulnerable Configurations
  • Google Chrome 19.0.1044.0
    cpe:2.3:a:google:chrome:19.0.1044.0
  • Google Chrome 19.0.1043.0
    cpe:2.3:a:google:chrome:19.0.1043.0
  • Google Chrome 19.0.1042.0
    cpe:2.3:a:google:chrome:19.0.1042.0
  • Google Chrome 19.0.1041.0
    cpe:2.3:a:google:chrome:19.0.1041.0
  • cpe:2.3:a:google:chrome:19.0.1045.0
  • Google Chrome 19.0.1036.7
    cpe:2.3:a:google:chrome:19.0.1036.7
  • cpe:2.3:a:google:chrome:19.0.1036.6
  • cpe:2.3:a:google:chrome:19.0.1036.4
  • cpe:2.3:a:google:chrome:19.0.1036.3
  • cpe:2.3:a:google:chrome:19.0.1040.0
  • cpe:2.3:a:google:chrome:19.0.1039.0
  • Google Chrome 19.0.1038.0
    cpe:2.3:a:google:chrome:19.0.1038.0
  • cpe:2.3:a:google:chrome:19.0.1037.0
  • cpe:2.3:a:google:chrome:19.0.1030.0
  • cpe:2.3:a:google:chrome:19.0.1031.0
  • Google Chrome 19.0.1032.0
    cpe:2.3:a:google:chrome:19.0.1032.0
  • cpe:2.3:a:google:chrome:19.0.1033.0
  • Google Chrome 19.0.1034.0
    cpe:2.3:a:google:chrome:19.0.1034.0
  • cpe:2.3:a:google:chrome:19.0.1035.0
  • Google Chrome 19.0.1036.0
    cpe:2.3:a:google:chrome:19.0.1036.0
  • Google Chrome 19.0.1036.2
    cpe:2.3:a:google:chrome:19.0.1036.2
  • cpe:2.3:a:google:chrome:19.0.1028.0
  • cpe:2.3:a:google:chrome:19.0.1029.0
  • Google Chrome 19.0.1046.0
    cpe:2.3:a:google:chrome:19.0.1046.0
  • Google Chrome 19.0.1047.0
    cpe:2.3:a:google:chrome:19.0.1047.0
  • Google Chrome 19.0.1048.0
    cpe:2.3:a:google:chrome:19.0.1048.0
  • Google Chrome 19.0.1049.0
    cpe:2.3:a:google:chrome:19.0.1049.0
  • Google Chrome 19.0.1049.1
    cpe:2.3:a:google:chrome:19.0.1049.1
  • Google Chrome 19.0.1049.2
    cpe:2.3:a:google:chrome:19.0.1049.2
  • Google Chrome 19.0.1049.3
    cpe:2.3:a:google:chrome:19.0.1049.3
  • Google Chrome 19.0.1050.0
    cpe:2.3:a:google:chrome:19.0.1050.0
  • Google Chrome 19.0.1051.0
    cpe:2.3:a:google:chrome:19.0.1051.0
  • Google Chrome 19.0.1052.0
    cpe:2.3:a:google:chrome:19.0.1052.0
  • Google Chrome 19.0.1053.0
    cpe:2.3:a:google:chrome:19.0.1053.0
  • Google Chrome 19.0.1054.0
    cpe:2.3:a:google:chrome:19.0.1054.0
  • Google Chrome 19.0.1055.0
    cpe:2.3:a:google:chrome:19.0.1055.0
  • Google Chrome 19.0.1055.1
    cpe:2.3:a:google:chrome:19.0.1055.1
  • Google Chrome 19.0.1055.2
    cpe:2.3:a:google:chrome:19.0.1055.2
  • Google Chrome 19.0.1055.3
    cpe:2.3:a:google:chrome:19.0.1055.3
  • Google Chrome 19.0.1056.0
    cpe:2.3:a:google:chrome:19.0.1056.0
  • Google Chrome 19.0.1056.1
    cpe:2.3:a:google:chrome:19.0.1056.1
  • Google Chrome 19.0.1057.0
    cpe:2.3:a:google:chrome:19.0.1057.0
  • Google Chrome 19.0.1057.1
    cpe:2.3:a:google:chrome:19.0.1057.1
  • Google Chrome 19.0.1057.3
    cpe:2.3:a:google:chrome:19.0.1057.3
  • Google Chrome 19.0.1058.0
    cpe:2.3:a:google:chrome:19.0.1058.0
  • Google Chrome 19.0.1058.1
    cpe:2.3:a:google:chrome:19.0.1058.1
  • Google Chrome 19.0.1059.0
    cpe:2.3:a:google:chrome:19.0.1059.0
  • Google Chrome 19.0.1060.0
    cpe:2.3:a:google:chrome:19.0.1060.0
  • Google Chrome 19.0.1060.1
    cpe:2.3:a:google:chrome:19.0.1060.1
  • Google Chrome 19.0.1061.0
    cpe:2.3:a:google:chrome:19.0.1061.0
  • Google Chrome 19.0.1061.1
    cpe:2.3:a:google:chrome:19.0.1061.1
  • Google Chrome 19.0.1062.0
    cpe:2.3:a:google:chrome:19.0.1062.0
  • Google Chrome 19.0.1062.1
    cpe:2.3:a:google:chrome:19.0.1062.1
  • Google Chrome 19.0.1063.0
    cpe:2.3:a:google:chrome:19.0.1063.0
  • Google Chrome 19.0.1063.1
    cpe:2.3:a:google:chrome:19.0.1063.1
  • Google Chrome 19.0.1064.0
    cpe:2.3:a:google:chrome:19.0.1064.0
  • Google Chrome 19.0.1065.0
    cpe:2.3:a:google:chrome:19.0.1065.0
  • Google Chrome 19.0.1066.0
    cpe:2.3:a:google:chrome:19.0.1066.0
  • Google Chrome 19.0.1067.0
    cpe:2.3:a:google:chrome:19.0.1067.0
  • Google Chrome 19.0.1068.0
    cpe:2.3:a:google:chrome:19.0.1068.0
  • Google Chrome 19.0.1068.1
    cpe:2.3:a:google:chrome:19.0.1068.1
  • Google Chrome 19.0.1069.0
    cpe:2.3:a:google:chrome:19.0.1069.0
  • Google Chrome 19.0.1070.0
    cpe:2.3:a:google:chrome:19.0.1070.0
  • Google Chrome 19.0.1071.0
    cpe:2.3:a:google:chrome:19.0.1071.0
  • Google Chrome 19.0.1072.0
    cpe:2.3:a:google:chrome:19.0.1072.0
  • Google Chrome 19.0.1073.0
    cpe:2.3:a:google:chrome:19.0.1073.0
  • Google Chrome 19.0.1074.0
    cpe:2.3:a:google:chrome:19.0.1074.0
  • Google Chrome 19.0.1075.0
    cpe:2.3:a:google:chrome:19.0.1075.0
  • Google Chrome 19.0.1076.0
    cpe:2.3:a:google:chrome:19.0.1076.0
  • Google Chrome 19.0.1076.1
    cpe:2.3:a:google:chrome:19.0.1076.1
  • Google Chrome 19.0.1077.0
    cpe:2.3:a:google:chrome:19.0.1077.0
  • Google Chrome 19.0.1077.1
    cpe:2.3:a:google:chrome:19.0.1077.1
  • Google Chrome 19.0.1077.2
    cpe:2.3:a:google:chrome:19.0.1077.2
  • Google Chrome 19.0.1077.3
    cpe:2.3:a:google:chrome:19.0.1077.3
  • Google Chrome 19.0.1078.0
    cpe:2.3:a:google:chrome:19.0.1078.0
  • Google Chrome 19.0.1079.0
    cpe:2.3:a:google:chrome:19.0.1079.0
  • Google Chrome 19.0.1080.0
    cpe:2.3:a:google:chrome:19.0.1080.0
  • Google Chrome 19.0.1081.0
    cpe:2.3:a:google:chrome:19.0.1081.0
  • Google Chrome 19.0.1081.2
    cpe:2.3:a:google:chrome:19.0.1081.2
  • Google Chrome 19.0.1082.0
    cpe:2.3:a:google:chrome:19.0.1082.0
  • Google Chrome 19.0.1082.1
    cpe:2.3:a:google:chrome:19.0.1082.1
  • Google Chrome 19.0.1083.0
    cpe:2.3:a:google:chrome:19.0.1083.0
  • Google Chrome 19.0.1084.0
    cpe:2.3:a:google:chrome:19.0.1084.0
  • Google Chrome 19.0.1084.1
    cpe:2.3:a:google:chrome:19.0.1084.1
  • Google Chrome 19.0.1084.10
    cpe:2.3:a:google:chrome:19.0.1084.10
  • Google Chrome 19.0.1084.11
    cpe:2.3:a:google:chrome:19.0.1084.11
  • Google Chrome 19.0.1084.12
    cpe:2.3:a:google:chrome:19.0.1084.12
  • Google Chrome 19.0.1084.13
    cpe:2.3:a:google:chrome:19.0.1084.13
  • Google Chrome 19.0.1084.14
    cpe:2.3:a:google:chrome:19.0.1084.14
  • Google Chrome 19.0.1084.15
    cpe:2.3:a:google:chrome:19.0.1084.15
  • Google Chrome 19.0.1084.16
    cpe:2.3:a:google:chrome:19.0.1084.16
  • Google Chrome 19.0.1084.17
    cpe:2.3:a:google:chrome:19.0.1084.17
  • Google Chrome 19.0.1084.18
    cpe:2.3:a:google:chrome:19.0.1084.18
  • Google Chrome 19.0.1084.19
    cpe:2.3:a:google:chrome:19.0.1084.19
  • Google Chrome 19.0.1084.2
    cpe:2.3:a:google:chrome:19.0.1084.2
  • Google Chrome 19.0.1084.20
    cpe:2.3:a:google:chrome:19.0.1084.20
  • Google Chrome 19.0.1084.21
    cpe:2.3:a:google:chrome:19.0.1084.21
  • Google Chrome 19.0.1084.22
    cpe:2.3:a:google:chrome:19.0.1084.22
  • Google Chrome 19.0.1084.23
    cpe:2.3:a:google:chrome:19.0.1084.23
  • Google Chrome 19.0.1084.24
    cpe:2.3:a:google:chrome:19.0.1084.24
  • Google Chrome 19.0.1084.25
    cpe:2.3:a:google:chrome:19.0.1084.25
  • Google Chrome 19.0.1084.26
    cpe:2.3:a:google:chrome:19.0.1084.26
  • Google Chrome 19.0.1084.27
    cpe:2.3:a:google:chrome:19.0.1084.27
  • Google Chrome 19.0.1084.28
    cpe:2.3:a:google:chrome:19.0.1084.28
  • Google Chrome 19.0.1084.29
    cpe:2.3:a:google:chrome:19.0.1084.29
  • Google Chrome 19.0.1084.3
    cpe:2.3:a:google:chrome:19.0.1084.3
  • Google Chrome 19.0.1084.30
    cpe:2.3:a:google:chrome:19.0.1084.30
  • Google Chrome 19.0.1084.31
    cpe:2.3:a:google:chrome:19.0.1084.31
  • Google Chrome 19.0.1084.32
    cpe:2.3:a:google:chrome:19.0.1084.32
  • Google Chrome 19.0.1084.33
    cpe:2.3:a:google:chrome:19.0.1084.33
  • Google Chrome 19.0.1084.35
    cpe:2.3:a:google:chrome:19.0.1084.35
  • Google Chrome 19.0.1084.36
    cpe:2.3:a:google:chrome:19.0.1084.36
  • Google Chrome 19.0.1084.37
    cpe:2.3:a:google:chrome:19.0.1084.37
  • Google Chrome 19.0.1084.38
    cpe:2.3:a:google:chrome:19.0.1084.38
  • Google Chrome 19.0.1084.39
    cpe:2.3:a:google:chrome:19.0.1084.39
  • Google Chrome 19.0.1084.4
    cpe:2.3:a:google:chrome:19.0.1084.4
  • Google Chrome 19.0.1084.40
    cpe:2.3:a:google:chrome:19.0.1084.40
  • Google Chrome 19.0.1084.41
    cpe:2.3:a:google:chrome:19.0.1084.41
  • Google Chrome 19.0.1084.42
    cpe:2.3:a:google:chrome:19.0.1084.42
  • Google Chrome 19.0.1084.43
    cpe:2.3:a:google:chrome:19.0.1084.43
  • Google Chrome 19.0.1084.44
    cpe:2.3:a:google:chrome:19.0.1084.44
  • Google Chrome 19.0.1084.45
    cpe:2.3:a:google:chrome:19.0.1084.45
  • Google Chrome 19.0.1084.46
    cpe:2.3:a:google:chrome:19.0.1084.46
  • Google Chrome 19.0.1084.47
    cpe:2.3:a:google:chrome:19.0.1084.47
  • Google Chrome 19.0.1084.48
    cpe:2.3:a:google:chrome:19.0.1084.48
  • Google Chrome 19.0.1084.5
    cpe:2.3:a:google:chrome:19.0.1084.5
  • Google Chrome 19.0.1084.50
    cpe:2.3:a:google:chrome:19.0.1084.50
  • Google Chrome 19.0.1084.6
    cpe:2.3:a:google:chrome:19.0.1084.6
  • Google Chrome 19.0.1084.7
    cpe:2.3:a:google:chrome:19.0.1084.7
  • Google Chrome 19.0.1084.8
    cpe:2.3:a:google:chrome:19.0.1084.8
  • Google Chrome 19.0.1084.9
    cpe:2.3:a:google:chrome:19.0.1084.9
  • Google Chrome 19.0.1084.51
    cpe:2.3:a:google:chrome:19.0.1084.51
CVSS
Base: 7.5 (as of 24-05-2012 - 15:57)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_219D0BFDA91511E1B51900262D5ED8EE.NASL
    description Google Chrome Releases reports : [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson). [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno). [120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz. [122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan). [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan). [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to 'efbiaiinzinz'. [Linux only] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholome. [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team. [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler. [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team. [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team. [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts). [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.
    last seen 2019-02-21
    modified 2013-06-21
    plugin id 59281
    published 2012-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59281
    title FreeBSD : chromium -- multiple vulnerabilities (219d0bfd-a915-11e1-b519-00262d5ed8ee)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SAFARI6_0_1.NASL
    description The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0.1. It is, therefore, potentially affected by several issues : - A logic error in Safari's handling of the Quarantine attribute caused the safe mode not to be triggered on Quarantined files, which could lead to the disclosure of local file contents. (CVE-2012-3713) - A rare condition in the handling of Form Autofill could lead to the disclosure of information from the Address Book 'Me' card that was not included in the Autofill popover. (CVE-2012-3714) - A logic issue in the handling of HTTPS URLs in the address bar when pasting text could result in the request being sent over HTTP. (CVE-2012-3715) - Numerous issues exist in WebKit. (CVE-2011-3105 / CVE-2012-2817 / CVE-2012-2818 / CVE-2012-2829 / CVE-2012-2831 / CVE-2012-2842 / CVE-2012-2843 / CVE-2012-3598 / CVE-2012-3601 / CVE-2012-3602 / CVE-2012-3606 / CVE-2012-3607 / CVE-2012-3612 / CVE-2012-3613 / CVE-2012-3614 / CVE-2012-3616 / CVE-2012-3617 / CVE-2012-3621 / CVE-2012-3622 / CVE-2012-3623 / CVE-2012-3624 / CVE-2012-3632 / CVE-2012-3643 / CVE-2012-3647 / CVE-2012-3648 / CVE-2012-3649 / CVE-2012-3651 / CVE-2012-3652 / CVE-2012-3654 / CVE-2012-3657 / CVE-2012-3658 / CVE-2012-3659 / CVE-2012-3660 / CVE-2012-3671 / CVE-2012-3672 / CVE-2012-3673 / CVE-2012-3675 / CVE-2012-3676 / CVE-2012-3677 / CVE-2012-3684 / CVE-2012-3685 / CVE-2012-3687 / CVE-2012-3688 / CVE-2012-3692 / CVE-2012-3699 / CVE-2012-3700 / CVE-2012-3701 / CVE-2012-3702 / CVE-2012-3703 / CVE-2012-3704 / CVE-2012-3705 / CVE-2012-3706 / CVE-2012-3707 / CVE-2012-3708 / CVE-2012-3709 / CVE-2012-3710 / CVE-2012-3711 / CVE-2012-3712)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62216
    published 2012-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62216
    title Mac OS X : Apple Safari < 6.0.1 Multiple Vulnerabilities
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_10_7_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 10.7. It is, therefore, affected by multiple memory corruption vulnerabilities in the WebKit component.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 62078
    published 2012-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62078
    title Apple iTunes < 10.7 Multiple Vulnerabilities (uncredentialed check)
  • NASL family Windows
    NASL id ITUNES_10_7.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 10.7 and is, therefore, affected by multiple memory corruption vulnerabilities in WebKit.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 62077
    published 2012-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62077
    title Apple iTunes < 10.7 Multiple Vulnerabilities (credentialed check)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201205-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201205-04 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 59628
    published 2012-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59628
    title GLSA-201205-04 : Chromium, V8: Multiple vulnerabilities
  • NASL family Windows
    NASL id GOOGLE_CHROME_19_0_1084_52.NASL
    description The version of Google Chrome installed on the remote host is earlier than 19.0.1084.52 and is, therefore, affected by the following vulnerabilities : - An error exists in the v8 JavaScript engine that can cause application crashes during garbage collection. (CVE-2011-3103) - An out-of-bounds read error exists related to 'Skia'. (CVE-2011-3104) - Use-after-free errors exist related to 'first-letter handling', browser cache, and invalid encrypted PDFs. (CVE-2011-3105, CVE-2011-3108, CVE-2011-3112) - A memory corruption error exists related to websockets and SSL. (CVE-2011-3106) - An error exists related to plug-in JavaScript bindings that can cause the application to crash. (CVE-2011-3107) - An out-of-bounds write error exists related to PDF processing. (CVE-2011-3110) - An invalid read error exists related to the v8 JavaScript engine. (CVE-2011-3111) - An invalid cast error exists related to colorspace handling in PDF processing. (CVE-2011-3113) - A buffer overflow error exists related to PDF functions. (CVE-2011-3114) - A type corruption error exists related to the v8 JavaScript engine. (CVE-2011-3115)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 59255
    published 2012-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59255
    title Google Chrome < 19.0.1084.52 Multiple Vulnerabilities
oval via4
accepted 2013-08-12T04:07:40.624-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
family windows
id oval:org.mitre.oval:def:15535
status accepted
submitted 2012-05-24T16:15:52.000-04:00
title Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 via vectors related to the :first-letter pseudo-element
version 44
refmap via4
apple
  • APPLE-SA-2012-09-12-1
  • APPLE-SA-2012-09-19-1
  • APPLE-SA-2012-09-19-3
bid 53679
confirm
gentoo GLSA-201205-04
osvdb 82242
sectrack 1027098
secunia
  • 49277
  • 49306
Last major update 19-11-2012 - 23:35
Published 24-05-2012 - 14:55
Last modified 18-09-2017 - 21:33