CVE-2011-3887 : Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass int

Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.

Published 2011-10-25 19:55:02

Updated 2020-05-08 13:40:56

Source Google Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2011-3887

Probability of exploitation activity in the next 30 days: 0.46%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-3887

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2011-3887

CWE-565 Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-3887

http://code.google.com/p/chromium/issues/detail?id=98407

Inloggen - Google Accounts
Permissions Required
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html

Apple - Lists.apple.com
Mailing List;Third Party Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/70965

Google Chrome URI security bypass CVE-2011-3887 Vulnerability Report
Third Party Advisory;VDB Entry
http://secunia.com/advisories/48288

Sign in
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/48377

Sign in
Third Party Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html

Apple - Lists.apple.com
Mailing List;Third Party Advisory

CVEs referencing this url
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

Chrome Releases: Chrome Stable Release
Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id?1026774

Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13179

Repository / Oval Repository
Third Party Advisory

Products affected by CVE-2011-3887

Apple » Safari
Versions before (<) 5.1.4
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os
Versions before (<) 5.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Google » Chrome
Versions before (<) 15.0.874.102
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-3887

Exploit prediction scoring system (EPSS) score for CVE-2011-3887

CVSS scores for CVE-2011-3887

CWE ids for CVE-2011-3887

References for CVE-2011-3887

Products affected by CVE-2011-3887