Executive Summary

Information
Name: CVE-2011-0778
First vendor publication: 2011-02-04
Vendor: Cve
Last vendor modification: 2017-09-19

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability SubScore: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Cvss Impact Score: 6.4
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0778

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

 
Oval ID: oval:org.mitre.oval:def:12384
Title: DSA-2188-1 webkit -- several
Description: Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems:
  • CVE-2010-1783 WebKit does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document.
  • CVE-2010-2901 The rendering implementation in WebKit allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
  • CVE-2010-4199 WebKit does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.
  • CVE-2010-4040 WebKit does not properly handle animated GIF images, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image.
  • CVE-2010-4492 Use-after-free vulnerability in WebKit allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.
  • CVE-2010-4493 Use-after-free vulnerability in Webkit allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.
  • CVE-2010-4577 The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit does not properly parse Cascading Style Sheets token sequences, which allows remote attackers to cause a denial of service via a crafted local font, related to "Type Confusion."
  • CVE-2010-4578 WebKit does not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
  • CVE-2011-0482 WebKit does not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.
  • CVE-2011-0778 WebKit does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
Family: unix Class: patch
Reference(s): DSA-2188-1
CVE-2010-1783
CVE-2010-2901
CVE-2010-4199
CVE-2010-4040
CVE-2010-4492
CVE-2010-4493
CVE-2010-4577
CVE-2010-4578
CVE-2010-0474
CVE-2011-0482
CVE-2011-0778
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): webkit
 
Oval ID: oval:org.mitre.oval:def:14173
Title: USN-1195-1 -- webkit vulnerabilities
Description: webkit: Web content engine library for GTK+ Multiple security vulnerabilities were fixed in WebKit.
Family: unix Class: patch
Reference(s): USN-1195-1
CVE-2010-1824
CVE-2010-2646
CVE-2010-2651
CVE-2010-2900
CVE-2010-2901
CVE-2010-3120
CVE-2010-3254
CVE-2010-3812
CVE-2010-3813
CVE-2010-4040
CVE-2010-4042
CVE-2010-4197
CVE-2010-4198
CVE-2010-4199
CVE-2010-4204
CVE-2010-4206
CVE-2010-4492
CVE-2010-4493
CVE-2010-4577
CVE-2010-4578
CVE-2011-0482
CVE-2011-0778
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): webkit
 
Oval ID: oval:org.mitre.oval:def:14228
Title: Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
Description: Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0778
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome

CPE : Common Platform Enumeration

Type Description Count
Application 1071

OpenVAS Exploits

Date Description
2011-08-27 Name : Ubuntu Update for webkit USN-1195-1
File : nvt/gb_ubuntu_USN_1195_1.nasl
2011-05-12 Name : Debian Security Advisory DSA 2188-1 (webkit)
File : nvt/deb_2188_1.nasl
2011-03-07 Name : Debian Security Advisory DSA 2166-1 (chromium-browser)
File : nvt/deb_2166_1.nasl
2011-03-05 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk23.nasl
2011-02-18 Name : Fedora Update for webkitgtk FEDORA-2011-1224
File : nvt/gb_fedora_2011_1224_webkitgtk_fc13.nasl
2011-02-08 Name : Google Chrome multiple vulnerabilities - February 11(Linux)
File : nvt/gb_google_chrome_mult_vuln_feb11_lin.nasl
2011-02-08 Name : Google Chrome multiple vulnerabilities - February 11(Windows)
File : nvt/gb_google_chrome_mult_vuln_feb11_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70989 Google Chrome Drag and Drop Same Origin Policy Bypass

Google Chrome contains a flaw related to the failure to properly restrict cross-origin drag and drop operations that may allow a remote attacker to bypass the Same Origin Policy. No further details have been provided.

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libwebkit-110223.nasl - Type : ACT_GATHER_INFO
2011-08-24 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1195-1.nasl - Type : ACT_GATHER_INFO
2011-06-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_webkit-1_2_7-update-110622.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libwebkit-110223.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2188.nasl - Type : ACT_GATHER_INFO
2011-02-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2166.nasl - Type : ACT_GATHER_INFO
2011-02-18 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1224.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_35ecdcbe350111e0afcd0015f2db7bde.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_9_0_597_84.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://code.google.com/p/chromium/issues/detail?id=59081
http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html
DEBIAN http://www.debian.org/security/2011/dsa-2166
http://www.debian.org/security/2011/dsa-2188
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECUNIA http://secunia.com/advisories/43368
SUSE http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
VUPEN http://www.vupen.com/english/advisories/2011/0408

Alert History

Date Information
2021-05-05 01:08:09
  • Multiple Updates
2021-05-04 12:14:01
  • Multiple Updates
2021-04-22 01:15:12
  • Multiple Updates
2020-09-29 01:06:23
  • Multiple Updates
2020-05-23 01:43:54
  • Multiple Updates
2020-05-23 00:27:50
  • Multiple Updates
2017-09-19 09:24:14
  • Multiple Updates
2016-04-26 20:33:40
  • Multiple Updates
2015-11-13 21:23:18
  • Multiple Updates
2014-10-28 13:25:27
  • Multiple Updates
2014-06-14 13:30:21
  • Multiple Updates
2014-02-21 13:21:39
  • Multiple Updates
2014-02-17 11:00:34
  • Multiple Updates
2013-05-10 22:54:53
  • Multiple Updates