CVE-2011-3367
Arora - Certificate Common Name Spoofing via Rich Text Rendering
Title source: llmDescription
Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520041
Scores
EPSS
0.0096
EPSS Percentile
57.5%
Details
CWE
CWE-20
Status
published
Products (1)
arora-browser/arora
0.11.0
Published
Nov 29, 2011
Tracked Since
Feb 18, 2026