CVE-2010-3259: Infoleak
First published: Tue Sep 07 2010(Updated: )
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <6.0.472.53 | |
| WebKitGTK WebKitGTK | <1.2.6 | |
| Apple iPhone OS | <4.2 | |
| Apple Safari | <4.1.3 | |
| Apple Safari | >=5.0<5.0.3 | |
| Canonical Ubuntu Linux | =10.10 | |
| Canonical Ubuntu Linux | =9.10 | |
| Canonical Ubuntu Linux | =10.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html
- http://code.google.com/p/chromium/issues/detail?id=53001
- http://www.vupen.com/english/advisories/2010/2722
- http://secunia.com/advisories/41856
- http://www.ubuntu.com/usn/USN-1006-1
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
- http://support.apple.com/kb/HT4455
- http://support.apple.com/kb/HT4456
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
- http://www.vupen.com/english/advisories/2010/3046
- http://secunia.com/advisories/42314
- http://www.securityfocus.com/bid/44206
- http://www.vupen.com/english/advisories/2011/0216
- http://www.vupen.com/english/advisories/2011/0212
- http://secunia.com/advisories/43068
- http://secunia.com/advisories/43086
- http://www.redhat.com/support/errata/RHSA-2011-0177.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
- http://www.vupen.com/english/advisories/2011/0552
- https://technet.microsoft.com/library/security/msvr11-002
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11221
- agent/references
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/remedy
- agent/tags
- agent/event
- agent/author
- collector/mitre-cve
- source/MITRE
- vendor/google
- canonical/google chrome
- vendor/webkitgtk
- canonical/webkitgtk webkitgtk
- vendor/apple
- canonical/apple iphone os
- canonical/apple safari
- version/apple safari/5.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/10.10
- version/canonical ubuntu linux/9.10
- version/canonical ubuntu linux/10.04