CVE-2010-3257: Use After Free
First published: Tue Sep 07 2010(Updated: )
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <6.0.472.53 | |
| WebKitGTK+ | <1.2.6 | |
| Apple Mobile Safari | <4.1.3 | |
| Apple Mobile Safari | >=5.0<5.0.3 | |
| iOS | <4.2 | |
| Ubuntu Linux | =9.10 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =10.10 | |
| Ubuntu | =10.10 | |
| Ubuntu | =9.10 | |
| Ubuntu | =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://code.google.com/p/chromium/issues/detail?id=52443
- http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html
- http://www.ubuntu.com/usn/USN-1006-1
- http://secunia.com/advisories/41856
- http://www.vupen.com/english/advisories/2010/2722
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
- http://support.apple.com/kb/HT4455
- http://support.apple.com/kb/HT4456
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
- http://www.vupen.com/english/advisories/2010/3046
- http://secunia.com/advisories/42314
- http://www.securityfocus.com/bid/44204
- http://secunia.com/advisories/43086
- http://www.vupen.com/english/advisories/2011/0216
- http://secunia.com/advisories/43068
- http://www.vupen.com/english/advisories/2011/0212
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.redhat.com/support/errata/RHSA-2011-0177.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
- http://www.vupen.com/english/advisories/2011/0552
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12138
Frequently Asked Questions
What is the severity of CVE-2010-3257?
CVE-2010-3257 has a high severity level due to its potential to allow remote attackers to execute arbitrary code or cause application crashes.
How do I fix CVE-2010-3257?
To fix CVE-2010-3257, update affected software to the latest versions, including Safari 5.0.3 or later, Chrome 6.0.472.53 or later, and WebKitGTK+ 1.2.6 or later.
Which versions are affected by CVE-2010-3257?
CVE-2010-3257 affects Apple Safari versions before 4.1.3, Chrome versions before 6.0.472.53, and certain versions of WebKitGTK+.
What types of attacks does CVE-2010-3257 allow?
CVE-2010-3257 enables attackers to perform remote code execution or trigger denial of service conditions by exploiting the use-after-free vulnerability.
Are there any operating systems affected by CVE-2010-3257?
Yes, Ubuntu versions 9.10, 10.04, and 10.10 are affected by CVE-2010-3257 due to vulnerable components.
- agent/type
- agent/severity
- agent/author
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/google
- canonical/google chrome
- vendor/webkitgtk
- canonical/webkitgtk+
- vendor/apple
- canonical/apple mobile safari
- version/apple mobile safari/5.0
- canonical/ios
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/9.10
- version/ubuntu linux/10.04
- version/ubuntu linux/10.10
- canonical/ubuntu
- version/ubuntu/10.10
- version/ubuntu/9.10
- version/ubuntu/10.04