4.3

CVE-2010-3259

EPSS 0.82%
Published 07.09.2010 18:00:03
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

Affected products Warnungen 0 Metrics 2 CWE 1 References 25

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version < 6.0.472.53

Webkitgtk ≫ Webkitgtk Version < 1.2.6

Apple ≫ Safari Version < 4.1.3

Apple ≫ Safari Version >= 5.0 < 5.0.3

Apple ≫ iPhone OS Version < 4.2

Canonical ≫ Ubuntu Linux Version9.10

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Canonical ≫ Ubuntu Linux Version10.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.82%	0.722

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/43068

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0212

Third Party Advisory

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/42314

Third Party Advisory

http://support.apple.com/kb/HT4456

Third Party Advisory

http://www.vupen.com/english/advisories/2010/3046

Third Party Advisory

http://secunia.com/advisories/41856

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Third Party Advisory

http://www.ubuntu.com/usn/USN-1006-1

Third Party Advisory

http://www.vupen.com/english/advisories/2010/2722

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0552

Third Party Advisory

http://secunia.com/advisories/43086

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-0177.html

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0216

Third Party Advisory

http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html

Vendor Advisory

http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html

Third Party Advisory

Mailing List

http://support.apple.com/kb/HT4455

Third Party Advisory

http://code.google.com/p/chromium/issues/detail?id=53001

Patch

Vendor Advisory

http://www.securityfocus.com/bid/44206

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11221

Third Party Advisory

https://technet.microsoft.com/library/security/msvr11-002

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2010-3259

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-3259

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-3259

EUVD