CVE-2011-3367

Arora - Certificate Common Name Spoofing via Rich Text Rendering

Title source: llm
STIX 2.1

Description

Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520041

Scores

EPSS 0.0096
EPSS Percentile 57.5%

Details

CWE
CWE-20
Status published
Products (1)
arora-browser/arora 0.11.0
Published Nov 29, 2011
Tracked Since Feb 18, 2026