Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | WebKit vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-1195-1 | First vendor Publication | 2011-08-23 |
| Vendor | Ubuntu | Last vendor Modification | 2011-08-23 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Multiple security vulnerabilities were fixed in WebKit. Software Description: - webkit: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: Ubuntu 10.04 LTS: After a standard system update you need to restart any applications that use WebKit, such as Epiphany and Midori, to make all the necessary changes. References: Package Information: |
Original Source
| Url : http://www.ubuntu.com/usn/USN-1195-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 22 % | CWE-416 | Use After Free |
| 22 % | CWE-20 | Improper Input Validation |
| 17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 11 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 6 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 6 % | CWE-704 | Incorrect Type Conversion or Cast |
| 6 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
| 6 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 6 % | CWE-125 | Out-of-bounds Read |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11429 | |||
| Oval ID: | oval:org.mitre.oval:def:11429 | ||
| Title: | Vulnerability in Google Chrome before 7.0.517.44 via a crafted SVG document | ||
| Description: | Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4199 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11475 | |||
| Oval ID: | oval:org.mitre.oval:def:11475 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 8.0.552.215 via vectors involving SVG animations | ||
| Description: | Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4492 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11689 | |||
| Oval ID: | oval:org.mitre.oval:def:11689 | ||
| Title: | Integer overflow vulnerability in WebKit in Apple Safari before 5.0.3 versions | ||
| Description: | Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3812 | Version: | 10 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Apple Safari |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11818 | |||
| Oval ID: | oval:org.mitre.oval:def:11818 | ||
| Title: | Vulnerability in large canvas handling in Google Chrome before 5.0.375.125 | ||
| Description: | Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2900 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11865 | |||
| Oval ID: | oval:org.mitre.oval:def:11865 | ||
| Title: | Vulnerability in Geolocation feature in Google Chrome before 5.0.375.127 | ||
| Description: | Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3120 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11949 | |||
| Oval ID: | oval:org.mitre.oval:def:11949 | ||
| Title: | Denial of Service vulnerability in Google Chrome before 7.0.517.44 via unknown vectors | ||
| Description: | Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4206 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11981 | |||
| Oval ID: | oval:org.mitre.oval:def:11981 | ||
| Title: | Unspecified Vulnerability in solate sandboxed IFRAME elements in Google Chrome before 5.0.375.99 | ||
| Description: | Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2646 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11997 | |||
| Oval ID: | oval:org.mitre.oval:def:11997 | ||
| Title: | Vulnerability in rendering implementation in Google Chrome before 5.0.375.125 | ||
| Description: | The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2901 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12028 | |||
| Oval ID: | oval:org.mitre.oval:def:12028 | ||
| Title: | Vulnerability in Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 | ||
| Description: | The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2651 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12119 | |||
| Oval ID: | oval:org.mitre.oval:def:12119 | ||
| Title: | Google Chrome WebSockets Implementation Integer Handling Unspecified Remote DoS | ||
| Description: | The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3254 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12129 | |||
| Oval ID: | oval:org.mitre.oval:def:12129 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 8.0.552.215 | ||
| Description: | Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4493 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12157 | |||
| Oval ID: | oval:org.mitre.oval:def:12157 | ||
| Title: | Vulnerability in Google Chrome before 7.0.517.44 via a crafted HTML document | ||
| Description: | WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4198 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12174 | |||
| Oval ID: | oval:org.mitre.oval:def:12174 | ||
| Title: | Denial of Service vulnerability in Google Chrome before 7.0.517.44 via unknown vectors | ||
| Description: | WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4204 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12266 | |||
| Oval ID: | oval:org.mitre.oval:def:12266 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 7.0.517.44 via vectors involving text editing | ||
| Description: | Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4197 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12293 | |||
| Oval ID: | oval:org.mitre.oval:def:12293 | ||
| Title: | Vulnerability in WebKit in Apple Safari before 5.0.3 versions | ||
| Description: | The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3813 | Version: | 10 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Apple Safari |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12384 | |||
| Oval ID: | oval:org.mitre.oval:def:12384 | ||
| Title: | DSA-2188-1 webkit -- several | ||
| Description: | Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1783 WebKit does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. CVE-2010-2901 The rendering implementation in WebKit allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2010-4199 WebKit does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document. CVE-2010-4040 WebKit does not properly handle animated GIF images, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image. CVE-2010-4492 Use-after-free vulnerability in WebKit allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations. CVE-2010-4493 Use-after-free vulnerability in Webkit allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events CVE-2010-4577 The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit does not properly parse Cascading Style Sheets token sequences, which allows remote attackers to cause a denial of service via a crafted local font, related to "Type Confusion." CVE-2010-4578 WebKit does not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers." CVE-2011-0482 WebKit does not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document CVE-2011-0778 WebKit does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2188-1 CVE-2010-1783 CVE-2010-2901 CVE-2010-4199 CVE-2010-4040 CVE-2010-4492 CVE-2010-4493 CVE-2010-4577 CVE-2010-4578 CVE-2010-0474 CVE-2011-0482 CVE-2011-0778 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | webkit |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13953 | |||
| Oval ID: | oval:org.mitre.oval:def:13953 | ||
| Title: | The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | ||
| Description: | The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4577 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14173 | |||
| Oval ID: | oval:org.mitre.oval:def:14173 | ||
| Title: | USN-1195-1 -- webkit vulnerabilities | ||
| Description: | webkit: Web content engine library for GTK+ Multiple security vulnerabilities were fixed in WebKit. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1195-1 CVE-2010-1824 CVE-2010-2646 CVE-2010-2651 CVE-2010-2900 CVE-2010-2901 CVE-2010-3120 CVE-2010-3254 CVE-2010-3812 CVE-2010-3813 CVE-2010-4040 CVE-2010-4042 CVE-2010-4197 CVE-2010-4198 CVE-2010-4199 CVE-2010-4204 CVE-2010-4206 CVE-2010-4492 CVE-2010-4493 CVE-2010-4577 CVE-2010-4578 CVE-2011-0482 CVE-2011-0778 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | webkit |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14228 | |||
| Oval ID: | oval:org.mitre.oval:def:14228 | ||
| Title: | Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||
| Description: | Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0778 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14323 | |||
| Oval ID: | oval:org.mitre.oval:def:14323 | ||
| Title: | Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers." | ||
| Description: | Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4578 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14662 | |||
| Oval ID: | oval:org.mitre.oval:def:14662 | ||
| Title: | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. | ||
| Description: | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0482 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21433 | |||
| Oval ID: | oval:org.mitre.oval:def:21433 | ||
| Title: | RHSA-2011:0177: webkitgtk security update (Moderate) | ||
| Description: | The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0177-01 CVE-2010-1780 CVE-2010-1782 CVE-2010-1783 CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 CVE-2010-1807 CVE-2010-1812 CVE-2010-1814 CVE-2010-1815 CVE-2010-3113 CVE-2010-3114 CVE-2010-3115 CVE-2010-3116 CVE-2010-3119 CVE-2010-3255 CVE-2010-3257 CVE-2010-3259 CVE-2010-3812 CVE-2010-3813 CVE-2010-4197 CVE-2010-4198 CVE-2010-4204 CVE-2010-4206 CVE-2010-4577 | Version: | 393 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | webkitgtk |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23285 | |||
| Oval ID: | oval:org.mitre.oval:def:23285 | ||
| Title: | ELSA-2011:0177: webkitgtk security update (Moderate) | ||
| Description: | The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0177-01 CVE-2010-1780 CVE-2010-1782 CVE-2010-1783 CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 CVE-2010-1807 CVE-2010-1812 CVE-2010-1814 CVE-2010-1815 CVE-2010-3113 CVE-2010-3114 CVE-2010-3115 CVE-2010-3116 CVE-2010-3119 CVE-2010-3255 CVE-2010-3257 CVE-2010-3259 CVE-2010-3812 CVE-2010-3813 CVE-2010-4197 CVE-2010-4198 CVE-2010-4204 CVE-2010-4206 CVE-2010-4577 | Version: | 125 |
| Platform(s): | Oracle Linux 6 | Product(s): | webkitgtk |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27757 | |||
| Oval ID: | oval:org.mitre.oval:def:27757 | ||
| Title: | DEPRECATED: ELSA-2011-0177 -- webkitgtk security update (moderate) | ||
| Description: | [1.2.6-2] - Added fix for js regression [1.2.6-1] - Update to 1.2.6 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0177 CVE-2010-3255 CVE-2010-3257 CVE-2010-3259 CVE-2010-3812 CVE-2010-3813 CVE-2010-1780 CVE-2010-1782 CVE-2010-1783 CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 CVE-2010-1807 CVE-2010-1812 CVE-2010-1814 CVE-2010-1815 CVE-2010-3113 CVE-2010-3114 CVE-2010-3115 CVE-2010-3116 CVE-2010-3119 CVE-2010-4197 CVE-2010-4198 CVE-2010-4204 CVE-2010-4206 CVE-2010-4577 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | webkitgtk |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6654 | |||
| Oval ID: | oval:org.mitre.oval:def:6654 | ||
| Title: | Denial of service vulnerability in Google Chrome before 7.0.517.41 | ||
| Description: | Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4042 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7151 | |||
| Oval ID: | oval:org.mitre.oval:def:7151 | ||
| Title: | Vulnerability in WebKit used in Google Chrome version less than 6.0.472.59 via vectors related to SVG styles | ||
| Description: | Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1824 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7646 | |||
| Oval ID: | oval:org.mitre.oval:def:7646 | ||
| Title: | Google Chrome before 7.0.517.41 does not properly handle animated GIF images | ||
| Description: | Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4040 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2012-11-01 | Konqueror 4.7.3 Memory Corruption |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-06-05 | Name : RedHat Update for webkitgtk RHSA-2011:0177-01 File : nvt/gb_RHSA-2011_0177-01_webkitgtk.nasl |
| 2011-08-27 | Name : Ubuntu Update for webkit USN-1195-1 File : nvt/gb_ubuntu_USN_1195_1.nasl |
| 2011-08-12 | Name : Apple Safari Multiple Vulnerabilities - March 2011 (Mac OS X) File : nvt/gb_apple_safari_mult_vuln_mar11_macosx.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2188-1 (webkit) File : nvt/deb_2188_1.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201012-01 (chromium) File : nvt/glsa_201012_01.nasl |
| 2011-03-07 | Name : Mandriva Update for webkit MDVSA-2011:039 (webkit) File : nvt/gb_mandriva_MDVSA_2011_039.nasl |
| 2011-03-07 | Name : Debian Security Advisory DSA 2166-1 (chromium-browser) File : nvt/deb_2166_1.nasl |
| 2011-03-05 | Name : FreeBSD Ports: webkit-gtk2 File : nvt/freebsd_webkit-gtk23.nasl |
| 2011-02-18 | Name : Fedora Update for webkitgtk FEDORA-2011-1224 File : nvt/gb_fedora_2011_1224_webkitgtk_fc13.nasl |
| 2011-02-08 | Name : Google Chrome multiple vulnerabilities - February 11(Windows) File : nvt/gb_google_chrome_mult_vuln_feb11_win.nasl |
| 2011-02-08 | Name : Google Chrome multiple vulnerabilities - February 11(Linux) File : nvt/gb_google_chrome_mult_vuln_feb11_lin.nasl |
| 2011-01-27 | Name : Google Chrome multiple vulnerabilities - Jan11 (Linux) File : nvt/gb_google_chrome_mult_vuln_jan11_lin.nasl |
| 2011-01-27 | Name : Google Chrome multiple vulnerabilities - Jan11 (Windows) File : nvt/gb_google_chrome_mult_vuln_jan11_win.nasl |
| 2011-01-24 | Name : FreeBSD Ports: webkit-gtk2 File : nvt/freebsd_webkit-gtk22.nasl |
| 2011-01-11 | Name : Fedora Update for webkitgtk FEDORA-2011-0121 File : nvt/gb_fedora_2011_0121_webkitgtk_fc13.nasl |
| 2010-12-29 | Name : Google Chrome multiple vulnerabilities - Dec10 (Linux) File : nvt/gb_google_chrome_mult_vuln_dec10_lin01.nasl |
| 2010-12-29 | Name : Google Chrome multiple vulnerabilities - Dec10 (Windows) File : nvt/gb_google_chrome_mult_vuln_dec10_win01.nasl |
| 2010-12-27 | Name : Google Chrome multiple vulnerabilities - Dec 10(Windows) File : nvt/gb_google_chrome_mult_vuln_dec10_win.nasl |
| 2010-12-27 | Name : Google Chrome multiple vulnerabilities - Dec 10(Linux) File : nvt/gb_google_chrome_mult_vuln_dec10_lin.nasl |
| 2010-11-23 | Name : Apple Safari Webkit Multiple Vulnerabilities - Nov10 File : nvt/gb_apple_safari_webkit_mult_vuln_nov10.nasl |
| 2010-11-18 | Name : Google Chrome multiple vulnerabilities - November 10(Linux) File : nvt/gb_google_chrome_mult_vuln_nov10_lin.nasl |
| 2010-11-18 | Name : Google Chrome multiple vulnerabilities - November 10(Windows) File : nvt/gb_google_chrome_mult_vuln_nov10_win.nasl |
| 2010-10-28 | Name : Google Chrome multiple vulnerabilities - October 10(Linux) File : nvt/gb_google_chrome_mult_vuln_oct10_lin.nasl |
| 2010-10-28 | Name : Google Chrome multiple vulnerabilities - October 10(Windows) File : nvt/gb_google_chrome_mult_vuln_oct10_win.nasl |
| 2010-09-21 | Name : Google Chrome multiple vulnerabilities Sep-10 (Windows) File : nvt/secpod_google_chrome_mult_vuln_sep10_win.nasl |
| 2010-09-21 | Name : Google Chrome multiple vulnerabilities Sep-10 (Linux) File : nvt/secpod_google_chrome_mult_vuln_sep10_lin.nasl |
| 2010-09-21 | Name : Google Chrome multiple vulnerabilities (Windows) Sep10 File : nvt/gb_google_chrome_mult_vuln_sep10_win.nasl |
| 2010-09-21 | Name : Google Chrome multiple vulnerabilities (Linux) File : nvt/gb_google_chrome_mult_vuln_sep10_lin.nasl |
| 2010-08-26 | Name : Google Chrome multiple vulnerabilities - (Aug10) File : nvt/secpod_google_chrome_mult_vuln_aug10.nasl |
| 2010-08-02 | Name : Google Chrome Multiple Unspecified Vulnerabilities - July 10 File : nvt/secpod_google_chrome_mult_unspecified_vuln_jul10.nasl |
| 2010-07-12 | Name : Google Chrome multiple vulnerabilities - July 10 File : nvt/gb_google_chrome_mult_vuln_jul10.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 70989 | Google Chrome Drag and Drop Same Origin Policy Bypass Google Chrome contains a flaw related to the failure to properly restrict cross-origin drag and drop operations that may allow a remote attacker to bypass the Same Origin Policy. No further details have been provided. |
| 70465 | Google Chrome HTML Document Anchor Unspecified Variable Casting Remote DoS Google Chrome contains a flaw that may allow a denial of service. The issue is triggered when the program fails to properly perform a cast of an unspecified variable during handling of anchors, allowing a context-dependent attacker to use a crafted HTML document to cause a denial of servce or possibly have other unspecified impact. |
| 70106 | Google Chrome Cursor Handling Stale Pointer Remote DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly perform cursor handling, allowing a remote attacker to cause a denial of service via unknown vectors leading to 'stale pointers'. |
| 70105 | Google Chrome CSS Token Sequence Out-of-bounds Read Remote DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly parse CSS token sequences, allowing a remote attacker to cause an out-of-bounds read denial of service via unspecified vectors. |
| 69672 | Google Chrome Mouse Drag Event Use-after-free Remote DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when a use-after-free error in the handling of mouse dragging events is exploited to cause a loss of availability. |
| 69671 | Google Chrome SVG Animation Use-after-free Remote DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when a use-after-free vulnerability is exploited to cause a loss of availability for the program via vectors involving SVG animations. |
| 69434 | Apple Safari WebKit HTML Link Element DNS Prefetch Setting Bypass Apple Safari contains a flaw related to the WebKit's HTML Link Element. The issue is triggered when WebKit encounters an HTML Link Element that requests DNS prefetching. This will bypass any prefetching preference that has been set, and may result in undesired requests to remote servers. |
| 69433 | Apple Safari WebKit wholeText Method Size Calculation Overflow Apple WebKit in Apple Safari before 5.0.3 on Windows 7, Windows Vista, Windows XP SP2 or later, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, and Apple WebKit in Apple Safari before 4.1.3 on Mac OS X v10.4.11 and Mac OS X Server v10.4.11 is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an integer overflow while handling Text objects. Visiting a specially crafted website a remote attacker can potentially cause an unexpected application termination or arbitrary code execution. |
| 69172 | Google Chrome SVG Document Out-of-bounds Array Index Memory Access DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program accesses memory in an out-of-bounds array index while processing an SVG document, allowing a context-dependent attacker to cause a denial of service or possibly have other unspecified impact. |
| 69170 | Google Chrome Destroyed Frame Object Access Remote DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program accesses a frame object after it has been destroyed, allowing a context-dependent attacker to cause a denial of service or possibly have other unspecified impact. |
| 69165 | Google Chrome SVG Document use Element Variable Casting Weakness Remote DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly perform the cast of an unspecified variable during processing of an SVG use element, allowing a context-dependent attacker to use a crafted SVG document to cause a denial of service or possibly have other unspecified impact. |
| 69164 | Google Chrome Crafted HTML Document Text Area Handling Memory Corruption A memory corruption flaw exists in Google Chrome. The program fails to sanitize user-supplied input when processing large text areas, resulting in memory corruption. With a specially crafted HTML document, a context-dependent attacker can cause a denial of service, or possibly have other unspecified impact. |
| 69163 | Google Chrome Text Editing Use-after-free Remote DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when a use-after-free error related to text editing is exploited to cause a denial of service. |
| 68843 | Google Chrome Stale Element Map Handling DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly handle stale elements in element maps, allowing a remote attacker to cause a denial of service. |
| 68841 | Google Chrome Crafted Animated GIF Handling Memory Corruption A memory corruption flaw exists in Google Chrome. The program fails to sanitize user-supplied input when processing animated GIF images, resulting in memory corruption. With a specially crafted .gif image file, a context-dependent attacker can execute arbitrary code. |
| 68102 | Apple WebKit SVG Style Use-after-free Arbitrary Code Execution |
| 67862 | Google Chrome WebSockets Implementation Integer Handling Unspecified Remote DoS |
| 67467 | Google Chrome Geolocation Feature Weakness Memory Corruption DoS |
| 66749 | Google Chrome Large Canvas Handling Weakness |
| 66748 | Google Chrome Rendering Implementation Unspecified Remote DoS |
| 66049 | Google Chrome CSS Style Rendering Weakness Memory Corruption DoS |
| 66044 | Google Chrome IFRAME Element Sandbox Weakness |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Google Chrome Uninitialized bug_report Pointer Code Execution RuleID : 19217 - Revision : 14 - Type : BROWSER-CHROME |
| 2014-01-10 | Google Chrome Uninitialized bug_report Pointer Code Execution RuleID : 19216 - Revision : 14 - Type : BROWSER-CHROME |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-09.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libwebkit-110223.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libwebkit-110104.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0177.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110125_webkitgtk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2011-08-24 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1195-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_webkit-1_2_7-update-110622.nasl - Type : ACT_GATHER_INFO |
| 2011-05-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libwebkit-110223.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libwebkit-110111.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2188.nasl - Type : ACT_GATHER_INFO |
| 2011-03-10 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_0_4.nasl - Type : ACT_GATHER_INFO |
| 2011-03-10 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari5_0_4.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-039.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_2_banner.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_10_2.nasl - Type : ACT_GATHER_INFO |
| 2011-02-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2166.nasl - Type : ACT_GATHER_INFO |
| 2011-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1224.nasl - Type : ACT_GATHER_INFO |
| 2011-02-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_35ecdcbe350111e0afcd0015f2db7bde.nasl - Type : ACT_GATHER_INFO |
| 2011-02-04 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_9_0_597_84.nasl - Type : ACT_GATHER_INFO |
| 2011-01-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0177.nasl - Type : ACT_GATHER_INFO |
| 2011-01-13 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_8_0_552_237.nasl - Type : ACT_GATHER_INFO |
| 2011-01-10 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0121.nasl - Type : ACT_GATHER_INFO |
| 2011-01-03 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_06a12e26142e11e0bea20015f2db7bde.nasl - Type : ACT_GATHER_INFO |
| 2010-12-14 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_8_0_552_224.nasl - Type : ACT_GATHER_INFO |
| 2010-12-03 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_8_0_552_215.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari5_0_3.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_0_3.nasl - Type : ACT_GATHER_INFO |
| 2010-11-04 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_7_0_517_44.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_7_0_517_41.nasl - Type : ACT_GATHER_INFO |
| 2010-09-15 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_6_0_472_59.nasl - Type : ACT_GATHER_INFO |
| 2010-09-02 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_6_0_472_53.nasl - Type : ACT_GATHER_INFO |
| 2010-08-20 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_5_0_375_127.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_5_0_375_125.nasl - Type : ACT_GATHER_INFO |
| 2010-07-05 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_5_0_375_99.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:58:54 |
|
