CVE-2011-3366 - OpenCVE

Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adjam	Rekonq

Configuration 1 [-]

OR	cpe:2.3:a:adjam:rekonq::::::::
	cpe:2.3:a:adjam:rekonq:0.0.1:::::::*
	cpe:2.3:a:adjam:rekonq:0.0.2:::::::*
	cpe:2.3:a:adjam:rekonq:0.0.3:::::::*
	cpe:2.3:a:adjam:rekonq:0.0.4:::::::*
	cpe:2.3:a:adjam:rekonq:0.1:alpha::::::
	cpe:2.3:a:adjam:rekonq:0.1.0:::::::*
	cpe:2.3:a:adjam:rekonq:0.1.95:::::::*
	cpe:2.3:a:adjam:rekonq:0.1.98:::::::*
	cpe:2.3:a:adjam:rekonq:0.2.0:::::::*
	cpe:2.3:a:adjam:rekonq:0.2.90:::::::*
	cpe:2.3:a:adjam:rekonq:0.3.0:::::::*
	cpe:2.3:a:adjam:rekonq:0.3.90:::::::*
	cpe:2.3:a:adjam:rekonq:0.4.0:::::::*
	cpe:2.3:a:adjam:rekonq:0.4.90:::::::*
	cpe:2.3:a:adjam:rekonq:0.4.95:::::::*
	cpe:2.3:a:adjam:rekonq:0.5.0:::::::*
	cpe:2.3:a:adjam:rekonq:0.5.80:::::::*
	cpe:2.3:a:adjam:rekonq:0.6.0:::::::*
	cpe:2.3:a:adjam:rekonq:0.6.1:::::::*
	cpe:2.3:a:adjam:rekonq:0.6.80:::::::*
	cpe:2.3:a:adjam:rekonq:0.6.85:::::::*
	cpe:2.3:a:adjam:rekonq:0.6.95:::::::*

No data.

References

Link	Providers
http://www.kde.org/info/security/advisory-20111003-1.txt
http://www.securityfocus.com/archive/1/520041
https://bugzilla.redhat.com/show_bug.cgi?id=743194

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-11-29T17:00:00Z

Updated: 2024-09-16T20:11:20.545Z

Reserved: 2011-08-30T00:00:00Z

Link: CVE-2011-3366

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2011-11-29T17:55:01.293

Modified: 2011-12-01T05:00:00.000

Link: CVE-2011-3366

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-11-29T17:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.kde.org/info/security/advisory-20111003-1.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743194"}, {"name": "20111007 Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/520041"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3366", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.kde.org/info/security/advisory-20111003-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20111003-1.txt"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=743194", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743194"}, {"name": "20111007 Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/520041"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:29:56.698Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kde.org/info/security/advisory-20111003-1.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743194"}, {"name": "20111007 Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/520041"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3366", "datePublished": "2011-11-29T17:00:00Z", "dateReserved": "2011-08-30T00:00:00Z", "dateUpdated": "2024-09-16T20:11:20.545Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adjam:rekonq:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EBBFACC-6EAA-414E-8035-DA7E4579BE2C", "versionEndIncluding": "0.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DACB212C-B647-45B6-AD16-8AC002D384C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "932EB133-4D74-431F-9822-5326465975FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CF892A30-8643-4028-9FA1-27E09A721952", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DDD8F42-E60E-4F8A-AF10-198325CF4E04", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "BF1D5711-1DF7-4C6C-8760-8E43602FF74D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "77D9763E-20FA-4ED7-B1B7-E1D347AAF7AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.1.95:*:*:*:*:*:*:*", "matchCriteriaId": "000726CE-F886-4728-B70C-B22B913EDED6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.1.98:*:*:*:*:*:*:*", "matchCriteriaId": "C83A2F59-3D4E-4312-A601-E54BA47C0AFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "20102860-630D-4374-BF0A-69E6D6CB2B2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "0193DE99-8FAE-4A46-8BB9-D2E771A94964", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D43FD182-7BE8-415E-9F2E-850402BE8983", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.3.90:*:*:*:*:*:*:*", "matchCriteriaId": "0A36420B-DF83-4BF4-BC71-400E62CD4F29", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A03BAD13-C4B4-40CA-981D-2837627A9A1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.4.90:*:*:*:*:*:*:*", "matchCriteriaId": "8BA611B9-2FD7-451B-B8A0-042C91312972", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.4.95:*:*:*:*:*:*:*", "matchCriteriaId": "75CCFA73-DD3B-4DC6-A81A-7304E3F260DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F0FAC86-EC7E-4956-8F39-0BBC453EFD51", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.5.80:*:*:*:*:*:*:*", "matchCriteriaId": "A66B2296-2CB8-4655-BDDB-ED7D24AE2816", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C88096A-7B04-4517-B173-719B8886D294", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "C327C0FC-8566-4977-B0A8-D5ADD0F1959D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.6.80:*:*:*:*:*:*:*", "matchCriteriaId": "5F111E54-93B2-4848-ACE9-E89608E9F1D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.6.85:*:*:*:*:*:*:*", "matchCriteriaId": "7DAB664B-13E4-4E89-A311-E4AAC76A198D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adjam:rekonq:0.6.95:*:*:*:*:*:*:*", "matchCriteriaId": "DB42FC79-847C-4697-9DD9-AC84169B66A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text."}, {"lang": "es", "value": "Rekonq v0.7.0 y anteriores no usan una fuente concreta cuando se renderizan los campos de certificado en un di\u00e1logo de seguridad, lo que permite a atacantes remotodos falsificar el nombre com\u00fan (CN) de un certificado a trav\u00e9s de un texto enriquecido."}], "id": "CVE-2011-3366", "lastModified": "2011-12-01T05:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-11-29T17:55:01.293", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.kde.org/info/security/advisory-20111003-1.txt"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/520041"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743194"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}