Main Vulnerability Database Vulnerabilities #VU44481

Input validation error in rekonq - CVE-2011-3366

Published: November 29, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44481

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-3366

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: KDE.org

Affected software:
rekonq

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

How to mitigate CVE-2011-3366

Install update from vendor's website.

Sources

http://www.kde.org/info/security/advisory-20111003-1.txt
http://www.securityfocus.com/archive/1/520041
https://bugzilla.redhat.com/show_bug.cgi?id=743194

Input validation error in rekonq - CVE-2011-3366

Detailed vulnerability description

How to mitigate CVE-2011-3366

Sources

Please verify you're human