Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-3259

Опубликовано: 07 сент. 2010
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Версия до 6.0.472.53 (исключая)
Конфигурация 2
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
Версия до 1.2.6 (исключая)
Конфигурация 3

Одно из

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Версия до 4.1.3 (исключая)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Версия от 5.0 (включая) до 5.0.3 (исключая)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Версия до 4.2 (исключая)
Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

EPSS

Процентиль: 73%
0.00823
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2010-3259

ubuntu
почти 15 лет назад

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

redhat логотип

CVE-2010-3259

redhat
почти 15 лет назад

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

debian логотип

CVE-2010-3259

debian
почти 15 лет назад

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, G ...

github логотип

GHSA-ch35-3h8w-gw7f

github
около 3 лет назад

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

oracle-oval логотип

ELSA-2011-0177

oracle-oval
больше 14 лет назад

ELSA-2011-0177: webkitgtk security update (MODERATE)

EPSS

Процентиль: 73%
0.00823
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200