CVE-2011-3881

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function.

Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-10-01 CVE Reserved
2011-10-25 CVE Published
2024-04-24 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (15)

URL	Tag	Source
http://code.google.com/p/chromium/issues/detail?id=96047	X_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=96885	X_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=98053	X_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=99512	X_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=99750	X_refsource_confirm
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html	X_refsource_confirm
http://secunia.com/advisories/48288	Third Party Advisory
http://secunia.com/advisories/48377	Third Party Advisory
http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html	X_refsource_misc
http://www.securitytracker.com/id?1026774	Vdb Entry
https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/70959	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12940	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html	2023-11-07
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Chrome Search vendor "Google" for product "Chrome"				< 15.0.874.102 Search vendor "Google" for product "Chrome" and version " < 15.0.874.102"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				< 4.4 Search vendor "Google" for product "Android" and version " < 4.4"		-		Affected
Apple Search vendor "Apple"		Safari Search vendor "Apple" for product "Safari"				< 5.1.4 Search vendor "Apple" for product "Safari" and version " < 5.1.4"		-		Affected
Apple Search vendor "Apple"		Iphone Os Search vendor "Apple" for product "Iphone Os"				< 5.1 Search vendor "Apple" for product "Iphone Os" and version " < 5.1"		-		Affected