[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3259Date: (C)2010-09-07   (M)2024-02-09


WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-41856
SECUNIA-42314
SECUNIA-43068
SECUNIA-43086
BID-44206
ADV-2010-2722
ADV-2010-3046
ADV-2011-0212
ADV-2011-0216
ADV-2011-0552
APPLE-SA-2010-11-18-1
APPLE-SA-2010-11-22-1
MDVSA-2011:039
RHSA-2011:0177
SUSE-SR:2011:002
USN-1006-1
http://code.google.com/p/chromium/issues/detail?id=53001
http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html
http://support.apple.com/kb/HT4455
http://support.apple.com/kb/HT4456
https://technet.microsoft.com/library/security/msvr11-002
oval:org.mitre.oval:def:11221

CPE    489
cpe:/a:google:chrome:2.0.169.0
cpe:/a:google:chrome:5.0.354.1
cpe:/a:google:chrome:5.0.354.0
cpe:/a:google:chrome:2.0.169.1
...
CWE    1
CWE-264
OVAL    15
oval:org.secpod.oval:def:17724
oval:org.secpod.oval:def:17723
oval:org.secpod.oval:def:17696
oval:org.secpod.oval:def:17695
...

© SecPod Technologies