CVE-2010-3116: Use After Free
First published: Tue Aug 24 2010(Updated: )
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <5.0.375.127 | |
| Apple Mobile Safari | <4.1.3 | |
| Apple Mobile Safari | >=5.0<5.0.3 | |
| iOS | <4.2 | |
| WebKitGTK+ | <1.2.6 | |
| Ubuntu Linux | =9.10 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =10.10 | |
| iStyle @cosme iPhone OS | <4.2 | |
| Ubuntu | =10.10 | |
| Ubuntu | =9.10 | |
| Ubuntu | =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://code.google.com/p/chromium/issues/detail?id=51835
- http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html
- http://code.google.com/p/chromium/issues/detail?id=50515
- http://secunia.com/advisories/41856
- http://www.ubuntu.com/usn/USN-1006-1
- http://www.vupen.com/english/advisories/2010/2722
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
- http://support.apple.com/kb/HT4455
- http://support.apple.com/kb/HT4456
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
- http://www.vupen.com/english/advisories/2010/3046
- http://secunia.com/advisories/42314
- http://www.securityfocus.com/bid/44200
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.vupen.com/english/advisories/2011/0212
- http://secunia.com/advisories/43068
- http://www.redhat.com/support/errata/RHSA-2011-0177.html
- http://www.vupen.com/english/advisories/2011/0216
- http://secunia.com/advisories/43086
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
- http://www.vupen.com/english/advisories/2011/0552
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11909
Frequently Asked Questions
What types of systems are affected by CVE-2010-3116?
CVE-2010-3116 affects multiple versions of Google Chrome, Apple Safari, WebKitGTK+, and specific versions of Ubuntu Linux.
What is the risk associated with CVE-2010-3116?
CVE-2010-3116 poses a risk of arbitrary code execution and denial of service due to multiple use-after-free vulnerabilities.
How can CVE-2010-3116 be mitigated?
To mitigate CVE-2010-3116, users should update their browser or operating system to the latest available version that is not impacted.
What is the current status of security updates for CVE-2010-3116?
Security updates addressing CVE-2010-3116 have been released for affected software versions, including Google Chrome and Apple Safari.
Are there any known exploits for CVE-2010-3116?
At the time of disclosure, there were no publicly known exploits specifically targeting CVE-2010-3116.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/author
- agent/weakness
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/google
- canonical/google chrome
- vendor/apple
- canonical/apple mobile safari
- version/apple mobile safari/5.0
- canonical/ios
- vendor/webkitgtk
- canonical/webkitgtk+
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/9.10
- version/ubuntu linux/10.04
- version/ubuntu linux/10.10
- canonical/ubuntu
- version/ubuntu/10.10
- version/ubuntu/9.10
- version/ubuntu/10.04