var-201203-0179
Vulnerability from variot
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-site scripting attacks; other attacks may also be possible. Versions prior to Chrome 18.0.1025.142 are vulnerable. Google Chrome is a web browser developed by Google (Google). CVE-ID CVE-2011-3058 : Masato Kinugawa
Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user-mode process may be able to access the first page of kernel memory Description: The iOS kernel has checks to validate that the user- mode pointer and length passed to the copyin and copyout functions would not result in a user-mode process being able to directly access kernel memory. The checks were not being used if the length was smaller than one page.
StoreKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: JavaScript may be enabled in Mobile Safari without user interaction Description: If a user disabled JavaScript in Safari Preferences, visiting a site which displayed a Smart App Banner would re-enable JavaScript without warning the user. This issue was addressed by not enabling JavaScript when visiting a site with a Smart App Banner. CVE-ID CVE-2012-2824 : miaubiz CVE-2012-2857 : Arthur Gerkis CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3621 : Skylined of the Google Chrome Security Team CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3687 : kuzzcc CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0951 : Apple CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team CVE-2013-0955 : Apple CVE-2013-0956 : Apple Product Security CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0968 : Aaron Nelson
WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Copying and pasting content on a malicious website may lead to a cross-site scripting attack Description: A cross-site scripting issue existed in the handling of content pasted from a different origin. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "6.1". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-24
http://security.gentoo.org/
Severity: Normal Title: Chromium, V8: Multiple vulnerabilities Date: March 30, 2012 Bugs: #410045 ID: 201203-24
Synopsis
Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code.
Background
Chromium is an open source web browser project. V8 is Google's open source JavaScript engine. SPDY is an experimental networking protocol.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 18.0.1025.142 >= 18.0.1025.142 2 dev-lang/v8 < 3.8.9.16 >= 3.8.9.16 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.
Impact
A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition.
The attacker could also entice a user to open a specially crafted web site using Chromium, possibly resulting in cross-site scripting (XSS), or an unspecified SPDY certificate checking error.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.142"
All V8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.8.9.16"
References
[ 1 ] CVE-2011-3057 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3057 [ 2 ] CVE-2011-3058 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3058 [ 3 ] CVE-2011-3059 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3059 [ 4 ] CVE-2011-3060 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3060 [ 5 ] CVE-2011-3061 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3061 [ 6 ] CVE-2011-3062 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3062 [ 7 ] CVE-2011-3063 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3063 [ 8 ] CVE-2011-3064 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3064 [ 9 ] CVE-2011-3065 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3065 [ 10 ] Release Notes 18.0.1025.142
http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-a= nd-beta-channel.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-24.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001
OS X Mountain Lion v10.8.3 and Security Update 2013-001 is now available and addresses the following:
Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials Description: A canonicalization issue existed in the handling of URIs with ignorable Unicode character sequences. This issue was addressed by updating mod_hfs_apple to forbid access to URIs with ignorable Unicode character sequences. CVE-ID CVE-2013-0966 : Clint Ruoho of Laconic Security
CoreTypes Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically even if the Java plug-in is disabled Description: Java Web Start applications would run even if the Java plug-in was disabled. This issue was addressed by removing JNLP files from the CoreTypes safe file type list, so the Web Start application will not be run unless the user opens it in the Downloads directory. CVE-ID CVE-2013-0967
International Components for Unicode Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by updating the EUC-JP mapping table. CVE-ID CVE-2011-3058 : Masato Kinugawa
Identity Services Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: Authentication relying on certificate-based Apple ID authentication may be bypassed Description: An error handling issue existed in Identity Services. If the user's AppleID certificate failed to validate, the user's AppleID was assumed to be the empty string. If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust. This issue was addressed by ensuring that NULL is returned instead of an empty string. CVE-ID CVE-2013-0963
ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of TIFF images. This issue was addressed through additional validation of TIFF images. CVE-ID CVE-2012-2088
IOAcceleratorFamily Available for: OS X Mountain Lion v10.8 to v10.8.2 Impact: Viewing a maliciously crafted image may lead to an unexpected system termination or arbitrary code execution Description: A memory corruption issue existed in the handling of graphics data. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0976 : an anonymous researcher
Kernel Available for: OS X Mountain Lion v10.8 to v10.8.2 Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them. CVE-ID CVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square, and additional anonymous researchers
Login Window Available for: OS X Mountain Lion v10.8 to v10.8.2 Impact: An attacker with keyboard access may modify the system configuration Description: A logic error existed in VoiceOver's handling of the Login Window, whereby an attacker with access to the keyboard could launch System Preferences and modify the system configuration. This issue was addressed by preventing VoiceOver from launching applications at the Login Window. CVE-ID CVE-2013-0969 : Eric A. Schulman of Purpletree Labs
Messages Available for: OS X Mountain Lion v10.8 to v10.8.2 Impact: Clicking a link from Messages may initiate a FaceTime call without prompting Description: Clicking on a specifically-formatted FaceTime:// URL in Messages could bypass the standard confirmation prompt. This issue was addressed by additional validation of FaceTime:// URLs. CVE-ID CVE-2013-0970 : Aaron Sigel of vtty.com
Messages Server Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5 Impact: A remote attacker may reroute federated Jabber messages Description: An issue existed in the Jabber server's handling of dialback result messages. An attacker may cause the Jabber server to disclose information intended for users of federated servers. This issue was addressed through improved handling of dialback result messages. CVE-ID CVE-2012-3525
PDFKit Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of ink annotations in PDF files. This issue was addressed through improved memory management. CVE-ID CVE-2013-0971 : Tobias Klein working with HP TippingPoint's Zero Day Initiative
Podcast Producer Server Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Podcast Producer Server. CVE-ID CVE-2013-0156
Podcast Producer Server Available for: OS X Lion Server v10.7 to v10.7.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A type casting issue existed in Ruby on Rails' handling of JSON data. This issue was addressed by switching to using the JSONGem backend for JSON parsing in the Rails implementation used by Podcast Producer Server. CVE-ID CVE-2013-0333
PostgreSQL Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5 Impact: Multiple vulnerabilities in PostgreSQL Description: PostgreSQL was updated to version 9.1.5 to address multiple vulnerabilities, the most serious of which may allow database users to read files from the file system with the privileges of the database server role account. Further information is available via the PostgreSQL web site at http://www.postgresql.org/docs/9.1/static/release-9-1-5.html CVE-ID CVE-2012-3488 CVE-2012-3489
Profile Manager Available for: OS X Lion Server v10.7 to v10.7.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Profile Manager. CVE-ID CVE-2013-0156
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3756 : Kevin Szkudlapski of QuarksLab
Ruby Available for: Mac OS X Server 10.6.8 Impact: A remote attacker may be able to cause arbitrary code execution if a Rails application is running Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling YAML and symbols in XML parameters in Rails. CVE-ID CVE-2013-0156
Security Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates.
Software Update Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5 Impact: An attacker with a privileged network position may be able to cause arbitrary code execution Description: Software Update allowed a man in the middle attacker to insert plugin content into the marketing text displayed for updates. This may allow the exploitation of a vulnerable plugin, or facilitate social engineering attacks involving plugins. This issue does not affect OS X Mountain Lion systems. This issue was addressed by preventing plugins from being loaded in Software Update's marketing text WebView. CVE-ID CVE-2013-0973 : Emilio Escobar
Wiki Server Available for: OS X Lion Server v10.7 to v10.7.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Wiki Server. CVE-ID CVE-2013-0156
Wiki Server Available for: OS X Lion Server v10.7 to v10.7.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A type casting issue existed in Ruby on Rails' handling of JSON data. This issue was addressed by switching to using the JSONGem backend for JSON parsing in the Rails implementation used by Wiki Server. CVE-ID CVE-2013-0333
Malware removal Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Description: This update runs a malware removal tool that will remove the most common variants of malware. If malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.
Note: OS X Mountain Lion v10.8.3 includes the content of Safari 6.0.3. For further details see "About the security content of Safari 6.0.3" at http://http//support.apple.com/kb/HT5671
OS X Mountain Lion v10.8.3 and Security Update 2013-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.3, or Security Update 2013-001.
For OS X Mountain Lion v10.8.2 The download file is named: OSXUpd10.8.3.dmg Its SHA-1 digest is: e6165572e9145ea05aac23fa30372a9b0a0bbf3c
For OS X Mountain Lion v10.8 and v10.8.1 The download file is named: OSXUpdCombo10.8.3.dmg Its SHA-1 digest is: 1bc49fde5ff6e252aa7908b4cb1f9cb9c8a5fa29
For OS X Lion v10.7.5 The download file is named: SecUpd2013-001.dmg Its SHA-1 digest is: 5bc540a208c720fce3448f853d852336781e1a17
For OS X Lion Server v10.7.5 The download file is named: SecUpdSrvr2013-001.dmg Its SHA-1 digest is: e88ff36fc8e88c4c995422d3f2364c56ebe51b07
For Mac OS X v10.6.8 The download file is named: SecUpd2013-001.dmg Its SHA-1 digest is: dc52d0f7d2db6080c57c7b9252a4d85c5e178450
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2013-001.dmg Its SHA-1 digest is: fd7946f8d1f1bce0394b6e56c8d7387812e14694
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRQiuBAAoJEPefwLHPlZEwGfgP/0UDCn2KBop3IJ4Ad31yiG3N gH+yQl4GDONhm/HgrPWGQgcuVI69FmAqk+7arwOL7+7hlsSDQ5uSWDraRdd0EPmO aq2DxPxt6bYi4fHSrfkvRblVr/PcPxswEEshM82JU60Oy88EDA87bI8yy4qi8KJ4 E8+6O31vLuUeAaHf0SNE8y1p2iKpdmHH/Afo0iAVx3ddm8e8wMVPZ9XbR02pe8MV qmMWj8icBLNyHGoSl48zm5t4Ah4MS9qgXNjsYY+Mq2AcrqQI5EFTbdWpKFM7SQ1G UcM6zmeHtKNz8H21MDYKg1UHjo49MZnFb6ahRXN0E3jsPrfO4Co/2t6ogOLRZ90X 2Sd1RfwqYnRZRfwyOAe3htBYDpVEfvU1eaNMoTTHLRKWgarxUoXvww2cjnomAg5y tg+btVeQfzdHu+yClvioCbYqblKKxJf8lmhiLEgoH2bRaz2L+fluWW9yGQarxmrb vQ+cMKuy7heyLpNhwRHZioo4/b2K/IZBnkKwH76Ey3yAXnSSAD9xwbFZZAU5J8YQ liULOm9tv1sUlNHMyTsjplIsFkAIrkl+H43hn3/A+q4TIsDkmtPvOOl4Rc9/5w8H ZibyLnmr1XgXvd6CgFzIvl7Ink+d/xGHTnlybHszCMzR5o6Rg7sTeQsD34aNymcc Lz1nnBtRAbfDgARdRX4e =WUBR -----END PGP SIGNATURE----- . This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting and spoofing attacks and compromise a user's system. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA48618
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48618/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48618
RELEASE DATE: 2012-03-29
DISCUSS ADVISORY: http://secunia.com/advisories/48618/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48618/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48618
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting and spoofing attacks and compromise a user's system.
1) Some errors exist in the bundled version of Adobe Flash Player.
3) An error in SVG text handling can be exploited to cause an out-of-bounds read.
4) An error in text fragment handling can be exploited to cause an out-of-bounds read.
5) An error exists within SPDY proxy certificate checking.
6) An off-by-one error exists in OpenType sanitizer.
7) A validation error exists within the handling of certain navigation requests from the renderer.
8) A use-after-free error exists in SVG clipping.
9) An unspecified error in Skia can be exploited to corrupt memory.
10) An error exists in v8.
For more information see vulnerability #8: SA48512
SOLUTION: Upgrade to version 18.0.1025.142.
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Masato Kinugawa 3) Arthur Gerkis 4) miaubiz 5) Leonidas Kontothanassis, Google 6) Mateusz Jurczyk, Google Security Team 7) kuzzcc, Sergey Glazunov, PinkiePie, and scarybeasts, Google Chrome Security Team 8) Atte Kettunen, OUSPG 9) Omair 10) Christian Holler
ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0179",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "chrome",
"scope": "lt",
"trust": 1.8,
"vendor": "google",
"version": "18.0.1025.142"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.8.3"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.6.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "server 10.6.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "server v10.7 to v10.7.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.8 to v10.8.2"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.1 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.1 (iphone 3gs or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.1 (ipod touch first 4 after generation )"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "18.0.1025.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "18.0.1025.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "18.0.1025.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "18.0.1025.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "18.0.1025.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "18.0.1025.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "18.0.1025.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "18.0.1025.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "18.0.1025.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "18.0.1025.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.100"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.202"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.43"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.60"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "chrome",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.142"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.204"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.128"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.127"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.65"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.91275"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.96379"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.112"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.71"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.91"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.78"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.56"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.107"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.120"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.77"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.96365"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.121"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.163"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.77"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.112"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.133"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.215"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.205"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.186"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.63"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
}
],
"sources": [
{
"db": "BID",
"id": "52762"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001968"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-576"
},
{
"db": "NVD",
"id": "CVE-2011-3058"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001968"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Masato Kinugawa, Arthur Gerkis, miaubiz, Leonidas Kontothanassis of Google, Mateusz Jurczyk of the Google Security Team, kuzzcc, Sergey Glazunov, PinkiePie, scarybeasts (Google Chrome Security Team), Atte Kettunen of OUSPG, Omair, and Christian Holler.",
"sources": [
{
"db": "BID",
"id": "52762"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3058",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2011-3058",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-51003",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3058",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-3058",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-576",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-51003",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51003"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001968"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-576"
},
{
"db": "NVD",
"id": "CVE-2011-3058"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. Google Chrome is prone to multiple vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-site scripting attacks; other attacks may also be possible. \nVersions prior to Chrome 18.0.1025.142 are vulnerable. Google Chrome is a web browser developed by Google (Google). \nCVE-ID\nCVE-2011-3058 : Masato Kinugawa\n\nKernel\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: A user-mode process may be able to access the first page of\nkernel memory\nDescription: The iOS kernel has checks to validate that the user-\nmode pointer and length passed to the copyin and copyout functions\nwould not result in a user-mode process being able to directly access\nkernel memory. The checks were not being used if the length was\nsmaller than one page. \n\nStoreKit\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: JavaScript may be enabled in Mobile Safari without user\ninteraction\nDescription: If a user disabled JavaScript in Safari Preferences,\nvisiting a site which displayed a Smart App Banner would re-enable\nJavaScript without warning the user. This issue was addressed by not\nenabling JavaScript when visiting a site with a Smart App Banner. \nCVE-ID\nCVE-2012-2824 : miaubiz\nCVE-2012-2857 : Arthur Gerkis\nCVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3621 : Skylined of the Google Chrome Security Team\nCVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3687 : kuzzcc\nCVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0951 : Apple\nCVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the\nGoogle Chrome Security Team\nCVE-2013-0955 : Apple\nCVE-2013-0956 : Apple Product Security\nCVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0968 : Aaron Nelson\n\nWebKit\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Copying and pasting content on a malicious website may lead\nto a cross-site scripting attack\nDescription: A cross-site scripting issue existed in the handling of\ncontent pasted from a different origin. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"6.1\". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Chromium, V8: Multiple vulnerabilities\n Date: March 30, 2012\n Bugs: #410045\n ID: 201203-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been reported in Chromium and V8, some of\nwhich may allow execution of arbitrary code. \n\nBackground\n==========\n\nChromium is an open source web browser project. V8 is Google\u0027s open\nsource JavaScript engine. SPDY is an experimental networking protocol. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/chromium \u003c 18.0.1025.142 \u003e= 18.0.1025.142\n 2 dev-lang/v8 \u003c 3.8.9.16 \u003e= 3.8.9.16\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Chromium and V8. \nPlease review the CVE identifiers and release notes referenced below\nfor details. \n\nImpact\n======\n\nA context-dependent attacker could entice a user to open a specially\ncrafted web site or JavaScript program using Chromium or V8, possibly\nresulting in the execution of arbitrary code with the privileges of the\nprocess, or a Denial of Service condition. \n\nThe attacker could also entice a user to open a specially crafted web\nsite using Chromium, possibly resulting in cross-site scripting (XSS),\nor an unspecified SPDY certificate checking error. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-client/chromium-18.0.1025.142\"\n\nAll V8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/v8-3.8.9.16\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-3057\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3057\n[ 2 ] CVE-2011-3058\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3058\n[ 3 ] CVE-2011-3059\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3059\n[ 4 ] CVE-2011-3060\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3060\n[ 5 ] CVE-2011-3061\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3061\n[ 6 ] CVE-2011-3062\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3062\n[ 7 ] CVE-2011-3063\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3063\n[ 8 ] CVE-2011-3064\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3064\n[ 9 ] CVE-2011-3065\n http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3065\n[ 10 ] Release Notes 18.0.1025.142\n\nhttp://googlechromereleases.blogspot.com/2012/03/stable-channel-release-a=\nnd-beta-channel.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update\n2013-001\n\nOS X Mountain Lion v10.8.3 and Security Update 2013-001 is now\navailable and addresses the following:\n\nApache\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.2\nImpact: An attacker may be able to access directories that are\nprotected with HTTP authentication without knowing the correct\ncredentials\nDescription: A canonicalization issue existed in the handling of\nURIs with ignorable Unicode character sequences. This issue was\naddressed by updating mod_hfs_apple to forbid access to URIs with\nignorable Unicode character sequences. \nCVE-ID\nCVE-2013-0966 : Clint Ruoho of Laconic Security\n\nCoreTypes\nAvailable for: OS X Lion v10.7 to v10.7.5,\nOS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.2\nImpact: Visiting a maliciously crafted website could allow a Java\nWeb Start application to be launched automatically even if the Java\nplug-in is disabled\nDescription: Java Web Start applications would run even if the Java\nplug-in was disabled. This issue was addressed by removing JNLP files\nfrom the CoreTypes safe file type list, so the Web Start application\nwill not be run unless the user opens it in the Downloads directory. \nCVE-ID\nCVE-2013-0967\n\nInternational Components for Unicode\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.2\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription: A canonicalization issue existed in the handling of the\nEUC-JP encoding, which could lead to a cross-site scripting attack on\nEUC-JP encoded websites. This issue was addressed by updating the\nEUC-JP mapping table. \nCVE-ID\nCVE-2011-3058 : Masato Kinugawa\n\nIdentity Services\nAvailable for: OS X Lion v10.7 to v10.7.5,\nOS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.2\nImpact: Authentication relying on certificate-based Apple ID\nauthentication may be bypassed\nDescription: An error handling issue existed in Identity Services. \nIf the user\u0027s AppleID certificate failed to validate, the user\u0027s\nAppleID was assumed to be the empty string. If multiple systems\nbelonging to different users enter this state, applications relying\non this identity determination may erroneously extend trust. This\nissue was addressed by ensuring that NULL is returned instead of an\nempty string. \nCVE-ID\nCVE-2013-0963\n\nImageIO\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.2\nImpact: Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in libtiff\u0027s handling of TIFF\nimages. This issue was addressed through additional validation of\nTIFF images. \nCVE-ID\nCVE-2012-2088\n\nIOAcceleratorFamily\nAvailable for: OS X Mountain Lion v10.8 to v10.8.2\nImpact: Viewing a maliciously crafted image may lead to an\nunexpected system termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\ngraphics data. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-0976 : an anonymous researcher\n\nKernel\nAvailable for: OS X Mountain Lion v10.8 to v10.8.2\nImpact: Maliciously crafted or compromised applications may be able\nto determine addresses in the kernel\nDescription: An information disclosure issue existed in the handling\nof APIs related to kernel extensions. Responses containing an\nOSBundleMachOHeaders key may have included kernel addresses, which\nmay aid in bypassing address space layout randomization protection. \nThis issue was addressed by unsliding the addresses before returning\nthem. \nCVE-ID\nCVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square,\nand additional anonymous researchers\n\nLogin Window\nAvailable for: OS X Mountain Lion v10.8 to v10.8.2\nImpact: An attacker with keyboard access may modify the system\nconfiguration\nDescription: A logic error existed in VoiceOver\u0027s handling of the\nLogin Window, whereby an attacker with access to the keyboard could\nlaunch System Preferences and modify the system configuration. This\nissue was addressed by preventing VoiceOver from launching\napplications at the Login Window. \nCVE-ID\nCVE-2013-0969 : Eric A. Schulman of Purpletree Labs\n\nMessages\nAvailable for: OS X Mountain Lion v10.8 to v10.8.2\nImpact: Clicking a link from Messages may initiate a FaceTime call\nwithout prompting\nDescription: Clicking on a specifically-formatted FaceTime:// URL in\nMessages could bypass the standard confirmation prompt. This issue\nwas addressed by additional validation of FaceTime:// URLs. \nCVE-ID\nCVE-2013-0970 : Aaron Sigel of vtty.com\n\nMessages Server\nAvailable for: Mac OS X Server 10.6.8,\nOS X Lion Server v10.7 to v10.7.5\nImpact: A remote attacker may reroute federated Jabber messages\nDescription: An issue existed in the Jabber server\u0027s handling of\ndialback result messages. An attacker may cause the Jabber server to\ndisclose information intended for users of federated servers. This\nissue was addressed through improved handling of dialback result\nmessages. \nCVE-ID\nCVE-2012-3525\n\nPDFKit\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.2\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A use after free issue existed in the handling of ink\nannotations in PDF files. This issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2013-0971 : Tobias Klein working with HP TippingPoint\u0027s Zero Day\nInitiative\n\nPodcast Producer Server\nAvailable for: Mac OS X Server 10.6.8,\nOS X Lion Server v10.7 to v10.7.5\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A type casting issue existed in Ruby on Rails\u0027 handling\nof XML parameters. This issue was addressed by disabling XML\nparameters in the Rails implementation used by Podcast Producer\nServer. \nCVE-ID\nCVE-2013-0156\n\nPodcast Producer Server\nAvailable for: OS X Lion Server v10.7 to v10.7.5\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A type casting issue existed in Ruby on Rails\u0027 handling\nof JSON data. This issue was addressed by switching to using the\nJSONGem backend for JSON parsing in the Rails implementation used by\nPodcast Producer Server. \nCVE-ID\nCVE-2013-0333\n\nPostgreSQL\nAvailable for: Mac OS X Server 10.6.8,\nOS X Lion Server v10.7 to v10.7.5\nImpact: Multiple vulnerabilities in PostgreSQL\nDescription: PostgreSQL was updated to version 9.1.5 to address\nmultiple vulnerabilities, the most serious of which may allow\ndatabase users to read files from the file system with the privileges\nof the database server role account. Further information is available\nvia the PostgreSQL web site at\nhttp://www.postgresql.org/docs/9.1/static/release-9-1-5.html\nCVE-ID\nCVE-2012-3488\nCVE-2012-3489\n\nProfile Manager\nAvailable for: OS X Lion Server v10.7 to v10.7.5\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A type casting issue existed in Ruby on Rails\u0027 handling\nof XML parameters. This issue was addressed by disabling XML\nparameters in the Rails implementation used by Profile Manager. \nCVE-ID\nCVE-2013-0156\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027rnet\u0027\nboxes in MP4 files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2012-3756 : Kevin Szkudlapski of QuarksLab\n\nRuby\nAvailable for: Mac OS X Server 10.6.8\nImpact: A remote attacker may be able to cause arbitrary code\nexecution if a Rails application is running\nDescription: A type casting issue existed in Ruby on Rails\u0027 handling\nof XML parameters. This issue was addressed by disabling YAML and\nsymbols in XML parameters in Rails. \nCVE-ID\nCVE-2013-0156\n\nSecurity\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.2\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: Several intermediate CA certificates were mistakenly\nissued by TURKTRUST. This may allow a man-in-the-middle attacker to\nredirect connections and intercept user credentials or other\nsensitive information. This issue was addressed by not allowing the\nincorrect SSL certificates. \n\nSoftware Update\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5\nImpact: An attacker with a privileged network position may be able\nto cause arbitrary code execution\nDescription: Software Update allowed a man in the middle attacker to\ninsert plugin content into the marketing text displayed for updates. \nThis may allow the exploitation of a vulnerable plugin, or facilitate\nsocial engineering attacks involving plugins. This issue does not\naffect OS X Mountain Lion systems. This issue was addressed by\npreventing plugins from being loaded in Software Update\u0027s marketing\ntext WebView. \nCVE-ID\nCVE-2013-0973 : Emilio Escobar\n\nWiki Server\nAvailable for: OS X Lion Server v10.7 to v10.7.5\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A type casting issue existed in Ruby on Rails\u0027 handling\nof XML parameters. This issue was addressed by disabling XML\nparameters in the Rails implementation used by Wiki Server. \nCVE-ID\nCVE-2013-0156\n\nWiki Server\nAvailable for: OS X Lion Server v10.7 to v10.7.5\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A type casting issue existed in Ruby on Rails\u0027 handling\nof JSON data. This issue was addressed by switching to using the\nJSONGem backend for JSON parsing in the Rails implementation used by\nWiki Server. \nCVE-ID\nCVE-2013-0333\n\nMalware removal\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.2\nDescription: This update runs a malware removal tool that will\nremove the most common variants of malware. If malware is found, it\npresents a dialog notifying the user that malware was removed. There\nis no indication to the user if malware is not found. \n\n\nNote: OS X Mountain Lion v10.8.3 includes the content of\nSafari 6.0.3. For further details see \"About the security content\nof Safari 6.0.3\" at http://http//support.apple.com/kb/HT5671\n\nOS X Mountain Lion v10.8.3 and Security Update 2013-001 may be\nobtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nOS X Mountain Lion v10.8.3, or Security Update\n2013-001. \n\nFor OS X Mountain Lion v10.8.2\nThe download file is named: OSXUpd10.8.3.dmg\nIts SHA-1 digest is: e6165572e9145ea05aac23fa30372a9b0a0bbf3c\n\nFor OS X Mountain Lion v10.8 and v10.8.1\nThe download file is named: OSXUpdCombo10.8.3.dmg\nIts SHA-1 digest is: 1bc49fde5ff6e252aa7908b4cb1f9cb9c8a5fa29\n\nFor OS X Lion v10.7.5\nThe download file is named: SecUpd2013-001.dmg\nIts SHA-1 digest is: 5bc540a208c720fce3448f853d852336781e1a17\n\nFor OS X Lion Server v10.7.5\nThe download file is named: SecUpdSrvr2013-001.dmg\nIts SHA-1 digest is: e88ff36fc8e88c4c995422d3f2364c56ebe51b07\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2013-001.dmg\nIts SHA-1 digest is: dc52d0f7d2db6080c57c7b9252a4d85c5e178450\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2013-001.dmg\nIts SHA-1 digest is: fd7946f8d1f1bce0394b6e56c8d7387812e14694\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJRQiuBAAoJEPefwLHPlZEwGfgP/0UDCn2KBop3IJ4Ad31yiG3N\ngH+yQl4GDONhm/HgrPWGQgcuVI69FmAqk+7arwOL7+7hlsSDQ5uSWDraRdd0EPmO\naq2DxPxt6bYi4fHSrfkvRblVr/PcPxswEEshM82JU60Oy88EDA87bI8yy4qi8KJ4\nE8+6O31vLuUeAaHf0SNE8y1p2iKpdmHH/Afo0iAVx3ddm8e8wMVPZ9XbR02pe8MV\nqmMWj8icBLNyHGoSl48zm5t4Ah4MS9qgXNjsYY+Mq2AcrqQI5EFTbdWpKFM7SQ1G\nUcM6zmeHtKNz8H21MDYKg1UHjo49MZnFb6ahRXN0E3jsPrfO4Co/2t6ogOLRZ90X\n2Sd1RfwqYnRZRfwyOAe3htBYDpVEfvU1eaNMoTTHLRKWgarxUoXvww2cjnomAg5y\ntg+btVeQfzdHu+yClvioCbYqblKKxJf8lmhiLEgoH2bRaz2L+fluWW9yGQarxmrb\nvQ+cMKuy7heyLpNhwRHZioo4/b2K/IZBnkKwH76Ey3yAXnSSAD9xwbFZZAU5J8YQ\nliULOm9tv1sUlNHMyTsjplIsFkAIrkl+H43hn3/A+q4TIsDkmtPvOOl4Rc9/5w8H\nZibyLnmr1XgXvd6CgFzIvl7Ink+d/xGHTnlybHszCMzR5o6Rg7sTeQsD34aNymcc\nLz1nnBtRAbfDgARdRX4e\n=WUBR\n-----END PGP SIGNATURE-----\n. This fixes multiple\nvulnerabilities, where some have an unknown impact and others can be\nexploited by malicious people to conduct cross-site scripting and\nspoofing attacks and compromise a user\u0027s system. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nGoogle Chrome Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA48618\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48618/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48618\n\nRELEASE DATE:\n2012-03-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48618/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48618/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48618\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Google Chrome, where\nsome have an unknown impact and others can be exploited by malicious\npeople to conduct cross-site scripting and spoofing attacks and\ncompromise a user\u0027s system. \n\n1) Some errors exist in the bundled version of Adobe Flash Player. \n\n3) An error in SVG text handling can be exploited to cause an\nout-of-bounds read. \n\n4) An error in text fragment handling can be exploited to cause an\nout-of-bounds read. \n\n5) An error exists within SPDY proxy certificate checking. \n\n6) An off-by-one error exists in OpenType sanitizer. \n\n7) A validation error exists within the handling of certain\nnavigation requests from the renderer. \n\n8) A use-after-free error exists in SVG clipping. \n\n9) An unspecified error in Skia can be exploited to corrupt memory. \n\n10) An error exists in v8. \n\nFor more information see vulnerability #8:\nSA48512\n\nSOLUTION:\nUpgrade to version 18.0.1025.142. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n2) Masato Kinugawa\n3) Arthur Gerkis\n4) miaubiz\n5) Leonidas Kontothanassis, Google\n6) Mateusz Jurczyk, Google Security Team\n7) kuzzcc, Sergey Glazunov, PinkiePie, and scarybeasts, Google Chrome\nSecurity Team\n8) Atte Kettunen, OUSPG\n9) Omair\n10) Christian Holler\n\nORIGINAL ADVISORY:\nhttp://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3058"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001968"
},
{
"db": "BID",
"id": "52762"
},
{
"db": "VULHUB",
"id": "VHN-51003"
},
{
"db": "PACKETSTORM",
"id": "119897"
},
{
"db": "PACKETSTORM",
"id": "111803"
},
{
"db": "PACKETSTORM",
"id": "111455"
},
{
"db": "PACKETSTORM",
"id": "120820"
},
{
"db": "PACKETSTORM",
"id": "111469"
},
{
"db": "PACKETSTORM",
"id": "111449"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-51003",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51003"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3058",
"trust": 3.1
},
{
"db": "BID",
"id": "52762",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "48618",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "48691",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "48763",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1026877",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU90360497",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001968",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-576",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "119897",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "120820",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-51003",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111803",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111455",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111469",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111449",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51003"
},
{
"db": "BID",
"id": "52762"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001968"
},
{
"db": "PACKETSTORM",
"id": "119897"
},
{
"db": "PACKETSTORM",
"id": "111803"
},
{
"db": "PACKETSTORM",
"id": "111455"
},
{
"db": "PACKETSTORM",
"id": "120820"
},
{
"db": "PACKETSTORM",
"id": "111469"
},
{
"db": "PACKETSTORM",
"id": "111449"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-576"
},
{
"db": "NVD",
"id": "CVE-2011-3058"
}
]
},
"id": "VAR-201203-0179",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-51003"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:28:30.418000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2013-03-14-1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"title": "HT5642",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5642"
},
{
"title": "HT5672",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5672"
},
{
"title": "HT5642",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5642?viewlocale=ja_JP"
},
{
"title": "HT5672",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5672?viewlocale=ja_JP"
},
{
"title": "Stable Channel Release and Beta Channel Update",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/2012/03/stable-channel-release-and-beta-channel.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja\u0026hl=ja"
},
{
"title": "Google Chrome Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114588"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001968"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-576"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51003"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001968"
},
{
"db": "NVD",
"id": "CVE-2011-3058"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2013/jan/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2013/mar/msg00002.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/52762"
},
{
"trust": 1.7,
"url": "http://code.google.com/p/chromium/issues/detail?id=109574"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht5642"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15492"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1026877"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48618"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48691"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48763"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74408"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3058"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3058"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu90360497/"
},
{
"trust": 0.3,
"url": "http://www.google.com/chrome"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3058"
},
{
"trust": 0.3,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.3,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "http://gpgtools.org"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0963"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3687"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0955"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0948"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0959"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0952"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0958"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3701"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0950"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0951"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3606"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3607"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48763/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48763/"
},
{
"trust": 0.1,
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00032.html"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48763"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3065"
},
{
"trust": 0.1,
"url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-a="
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3059"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3062"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3063"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3064"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3061"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201203-24.xml"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3060"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3057"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3062"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3057"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3525"
},
{
"trust": 0.1,
"url": "http://http//support.apple.com/kb/ht5671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3488"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0966"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0970"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0967"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3756"
},
{
"trust": 0.1,
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3489"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48691"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48691/"
},
{
"trust": 0.1,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-24.xml"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48691/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48618/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48618"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48618/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51003"
},
{
"db": "BID",
"id": "52762"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001968"
},
{
"db": "PACKETSTORM",
"id": "119897"
},
{
"db": "PACKETSTORM",
"id": "111803"
},
{
"db": "PACKETSTORM",
"id": "111455"
},
{
"db": "PACKETSTORM",
"id": "120820"
},
{
"db": "PACKETSTORM",
"id": "111469"
},
{
"db": "PACKETSTORM",
"id": "111449"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-576"
},
{
"db": "NVD",
"id": "CVE-2011-3058"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-51003"
},
{
"db": "BID",
"id": "52762"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001968"
},
{
"db": "PACKETSTORM",
"id": "119897"
},
{
"db": "PACKETSTORM",
"id": "111803"
},
{
"db": "PACKETSTORM",
"id": "111455"
},
{
"db": "PACKETSTORM",
"id": "120820"
},
{
"db": "PACKETSTORM",
"id": "111469"
},
{
"db": "PACKETSTORM",
"id": "111449"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-576"
},
{
"db": "NVD",
"id": "CVE-2011-3058"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-51003"
},
{
"date": "2012-03-28T00:00:00",
"db": "BID",
"id": "52762"
},
{
"date": "2012-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001968"
},
{
"date": "2013-01-30T02:53:29",
"db": "PACKETSTORM",
"id": "119897"
},
{
"date": "2012-04-12T03:09:18",
"db": "PACKETSTORM",
"id": "111803"
},
{
"date": "2012-04-01T17:52:05",
"db": "PACKETSTORM",
"id": "111455"
},
{
"date": "2013-03-15T22:23:48",
"db": "PACKETSTORM",
"id": "120820"
},
{
"date": "2012-04-02T05:26:37",
"db": "PACKETSTORM",
"id": "111469"
},
{
"date": "2012-04-01T09:50:46",
"db": "PACKETSTORM",
"id": "111449"
},
{
"date": "2012-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-576"
},
{
"date": "2012-03-30T22:55:01.353000",
"db": "NVD",
"id": "CVE-2011-3058"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-51003"
},
{
"date": "2015-03-19T09:18:00",
"db": "BID",
"id": "52762"
},
{
"date": "2013-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001968"
},
{
"date": "2020-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-576"
},
{
"date": "2024-11-21T01:29:37.057000",
"db": "NVD",
"id": "CVE-2011-3058"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-576"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google Chrome Vulnerable to cross-site scripting attacks",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001968"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-576"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.