4.3

CVE-2010-3259

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 6.0.472.53
WebkitgtkWebkitgtk Version < 1.2.6
AppleSafari Version < 4.1.3
AppleSafari Version >= 5.0 < 5.0.3
AppleiPhone OS Version < 4.2
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version10.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.6% 0.726
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/43068
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212
Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/42314
Third Party Advisory
http://support.apple.com/kb/HT4456
Third Party Advisory
http://www.vupen.com/english/advisories/2010/3046
Third Party Advisory
http://secunia.com/advisories/41856
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
Third Party Advisory
http://www.ubuntu.com/usn/USN-1006-1
Third Party Advisory
http://www.vupen.com/english/advisories/2010/2722
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0552
Third Party Advisory
http://secunia.com/advisories/43086
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0177.html
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0216
Third Party Advisory
http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT4455
Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=53001
Patch
Vendor Advisory
http://www.securityfocus.com/bid/44206
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11221
Third Party Advisory
https://technet.microsoft.com/library/security/msvr11-002
Broken Link