CVE-2011-4692
https://notcve.org/view.php?id=CVE-2011-4692
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. WebKit, como se usa en Apple Safari v5.1.1 y anteriores, y Google Chrome v15 y anteriores, no impide la captura de datos sobre el tiempo necesario para cargar la imagen, lo que hace más fácil para los atacantes remotos para determinar si una imagen existe en la caché del navegador a través de código JavaScript modificado, como lo demuestra visipisi. • http://lcamtuf.coredump.cx/cachetime http://oxplot.github.com/visipisi/visipisi.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14098 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-3897 – WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3897
Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing. Vulnerabilidad de uso después de liberación en Google Chrome anteriores a v15.0.874.120 permite al atacante remoto asistido por el usario provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con la edición. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the library attempts to replace a particular element due to an HTML5 ContentEditable command. Due to the library not accommodating for DOM mutation events that can be made to occur, an aggressor can modify the tree out from underneath the library, leading to a type change. • http://code.google.com/p/chromium/issues/detail?id=102242 http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/46933 http://secunia.com/advisories/48274 http://secunia.com/advisories/48288 http://secunia.com/advisories/4 • CWE-416: Use After Free •
CVE-2011-3887
https://notcve.org/view.php?id=CVE-2011-3887
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. Google Chrome en versiones anteriores a la 15.0.874.102 no maneja apropiadamente javascript: URLs, lo que permite a atacantes remotos evitar las restricciones previstas de acceso y leer cookies a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=98407 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html http://secunia.com/advisories/48288 http://secunia.com/advisories/48377 http://www.securitytracker.com/id?1026774 https://exchange.xforce.ibmcloud.com/vulnerabilities/70965 https://oval.cisecurity.org/repository/search/d • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVE-2011-2845
https://notcve.org/view.php?id=CVE-2011-2845
Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. Google Chrome antes de v15.0.874.102 no maneja adecuadamente los datos del historial, lo que permite a atacantes remotos asistidos por el usuario falsificar la barra de URL a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=86758 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5400 http://support.apple.com/kb/HT5503 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13044 • CWE-20: Improper Input Validation •
CVE-2011-3881
https://notcve.org/view.php?id=CVE-2011-3881
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. Google Chrome en versiones anteriores a la 15.0.874.102 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. • http://code.google.com/p/chromium/issues/detail?id=96047 http://code.google.com/p/chromium/issues/detail?id=96885 http://code.google.com/p/chromium/issues/detail?id=98053 http://code.google.com/p/chromium/issues/detail?id=99512 http://code.google.com/p/chromium/issues/detail? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •