CVE-2013-6636

Опубликовано: 07 дек. 2013

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Версия до 31.0.1650.62 (включая)

cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.55:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.58:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.60:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:31.0.1650.61:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00725

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2013-6636

ubuntu

около 12 лет назад

CVE-2013-6636

debian

около 12 лет назад

The FrameLoader::notifyIfInitialDocumentAccessed function in core/load ...

GHSA-h7rm-f5x3-9mh4

github

больше 3 лет назад

EPSS

Процентиль: 72%

0.00725

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20