CVE-2011-3640
nss - several
EPSS 0.34%
Description
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
How to fix CVE-2011-3640
To remediate CVE-2011-3640, upgrade the affected package to one of the fixed versions below.
- Debian/nss: upgrade to 3.13.1.with.ckbi.1.88-1 or later
- Debian/nss: upgrade to 3.12.8-1+squeeze4 or later
Is CVE-2011-3640 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/nss: from 0, < 3.13.1.with.ckbi.1.88-1
- Debian/nss: from 0, < 3.12.8-1+squeeze4