Описание
The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 31.0.1650.63-0ubuntu1~20131204.1 |
| lucid | ignored | end of life |
| precise | released | 31.0.1650.63-0ubuntu0.12.04.1~20131204.1 |
| quantal | released | 31.0.1650.63-0ubuntu0.12.10.1~20131204.1 |
| raring | released | 31.0.1650.63-0ubuntu0.13.04.1~20131204.1 |
| saucy | released | 31.0.1650.63-0ubuntu0.13.10.1~20131204.1 |
| upstream | released | 31.0.1650.63 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.
The FrameLoader::notifyIfInitialDocumentAccessed function in core/load ...
The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.
EPSS
4.3 Medium
CVSS2