CVE-2010-3255 – webkit: DoS via improper handling of counter nodes
https://notcve.org/view.php?id=CVE-2010-3255
Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Chrome de Google anterior a versión 6.0.472.53 y webkitgtk anterior a versión 1.2.6, no maneja apropiadamente los nodos contadores, lo que permite a los atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado por medio de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=51653 http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html http://secunia.com/advisories/43086 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.redhat.com/support/errata/RHSA-2011-0177.html http://www.vupen.com/english/advisories/2011/0216 http://www.vupen.com/english/advisories/2011/0552 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11736 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3257 – webkit: stale pointer issue with focusing
https://notcve.org/view.php?id=CVE-2010-3257
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus. Google Chrome anterior a v6.0.472.53 no realiza apropiadamente el manejo del foco, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otros impactos sin especificar a través de vectores desconocidos. Relacionado con un problema "stale pointer" • http://code.google.com/p/chromium/issues/detail?id=52443 http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://secunia • CWE-416: Use After Free •
CVE-2010-3113 – webkit: memory corruption when handling SVG documents
https://notcve.org/view.php?id=CVE-2010-3113
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController. Google Chrome anterior a v5.0.375.127 no maneja correctamente los documentos SVG, lo que podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tenga otros impactos sin especificar a través de vectores desconocidos • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=628032 http://code.google.com/p/chromium/issues/detail?id=49596 http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html http://secunia.com/advisories/41856 http://secunia.com/advisories/43086 http://trac.webkit.org/changeset/63865 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.redhat.com/support/errata/RHSA-2011-0177.html http://www.securityfocus.com/bid/44199 http://www.u • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3114 – webkit: bad cast with text editing
https://notcve.org/view.php?id=CVE-2010-3114
The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) InsertLineBreakCommand.cpp, or (3) InsertParagraphSeparatorCommand.cpp in WebCore/editing/. La implementación de edición de texto en Google Chrome anterior a v5.0.375.127 no realiza conversiones de forma correcta, lo que podría tener impacto y vectores de ataque no especificados. • http://code.google.com/p/chromium/issues/detail?id=49628 http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html http://secunia.com/advisories/41856 http://secunia.com/advisories/43086 http://trac.webkit.org/changeset/63773 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.redhat.com/support/errata/RHSA-2011-0177.html http://www.securityfocus.com/bid/44201 http://www.ubuntu.com/usn/USN-1006-1 http://www.vupen.com/english/ •
CVE-2010-3116 – webkit: memory corruption with MIME types
https://notcve.org/view.php?id=CVE-2010-3116
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins. Google Chrome anterior a v5.0.375.127 no procesa correctamente los tipos MIME, lo que podría permitir a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto mediante vectores desconocidos • http://code.google.com/p/chromium/issues/detail?id=50515 http://code.google.com/p/chromium/issues/detail?id=51835 http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 • CWE-416: Use After Free •