DEBIAN-CVE-2011-3640

DEBIAN-CVE-2011-3640 PUBLISHED

Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Affected Products

Vendor	Product	Versions
Debian:14	nss	0, 0, 0
Debian:11	nss	0, 0, 0
Debian:13	nss	0, 0, 0
Debian:12	nss	0, 0, 0

Timeline

Oct 28, 2011 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2011-3640 advisory

Open in Interactive Console →