[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-0661Date: (C)2010-02-18   (M)2023-12-22


WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1023506
SECUNIA-43068
ADV-2011-0212
SUSE-SR:2011:002
http://code.google.com/p/chromium/issues/detail?id=30660
http://flock.com/security/
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
http://trac.webkit.org/changeset/52401
https://bugs.webkit.org/show_bug.cgi?id=32647
oval:org.mitre.oval:def:14482

CPE    48
cpe:/a:google:chrome:2.0.169.0
cpe:/a:google:chrome:1.0.154.59
cpe:/a:google:chrome:0.3.154.0
cpe:/a:google:chrome:0.3.154.3
...
CWE    1
CWE-264
OVAL    3
oval:org.secpod.oval:def:770
oval:org.secpod.oval:def:769
oval:org.secpod.oval:def:768

© SecPod Technologies