CVE-2010-3259: Infoleak
First published: Tue Sep 07 2010(Updated: )
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <6.0.472.53 | |
| Oracle Webkitgtk4-jsc | <1.2.6 | |
| iPhone OS | <4.2 | |
| Safari | <4.1.3 | |
| Safari | >=5.0<5.0.3 | |
| Ubuntu | =10.10 | |
| Ubuntu | =9.10 | |
| Ubuntu | =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html
- http://code.google.com/p/chromium/issues/detail?id=53001
- http://www.vupen.com/english/advisories/2010/2722
- http://secunia.com/advisories/41856
- http://www.ubuntu.com/usn/USN-1006-1
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
- http://support.apple.com/kb/HT4455
- http://support.apple.com/kb/HT4456
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
- http://www.vupen.com/english/advisories/2010/3046
- http://secunia.com/advisories/42314
- http://www.securityfocus.com/bid/44206
- http://www.vupen.com/english/advisories/2011/0216
- http://www.vupen.com/english/advisories/2011/0212
- http://secunia.com/advisories/43068
- http://secunia.com/advisories/43086
- http://www.redhat.com/support/errata/RHSA-2011-0177.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
- http://www.vupen.com/english/advisories/2011/0552
- https://technet.microsoft.com/library/security/msvr11-002
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11221
Frequently Asked Questions
What is the severity of CVE-2010-3259?
CVE-2010-3259 has a severity rating that indicates a medium risk level due to its potential to bypass security restrictions.
How do I fix CVE-2010-3259?
To fix CVE-2010-3259, you should update affected software to the latest versions provided by the vendors, specifically Google Chrome, Apple Safari, and WebKitGTK+.
Which software is affected by CVE-2010-3259?
CVE-2010-3259 affects Apple Safari versions before 4.1.3 and 5.0.x before 5.0.3, Google Chrome versions before 6.0.472.53, and WebKitGTK+ versions before 1.2.6.
What type of attack is possible with CVE-2010-3259?
CVE-2010-3259 allows remote attackers to bypass the Same Origin Policy, potentially exposing sensitive information from CANVAS elements.
Is CVE-2010-3259 still a threat?
CVE-2010-3259 is primarily a historical threat, but if outdated software is still in use, it could remain vulnerable.
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/google
- canonical/google chrome
- vendor/webkitgtk
- canonical/oracle webkitgtk4-jsc
- vendor/apple
- canonical/iphone os
- canonical/safari
- version/safari/5.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.10
- version/ubuntu/9.10
- version/ubuntu/10.04