CVE-2010-0651
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
WebKit anterior a versión r52784, tal como es usado en Google Chrome anterior a versión 4.0.249.78 y Apple Safari anterior a versión 4.0.5, permite la carga de hojas de estilos CSS de origen cruzado, incluso cuando la descarga de hojas de estilo tiene un tipo MIME incorrecto y el documento de hojas de estilo está malformado, lo que permite a los atacantes remotos obtener información confidencial por medio de un documento especialmente diseñado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-02-18 CVE Reserved
- 2010-02-18 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://code.google.com/p/chromium/issues/detail?id=9877 | Third Party Advisory | |
| http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html | Third Party Advisory | |
| http://securitytracker.com/id?1023506 | Third Party Advisory | |
| http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs | Third Party Advisory | |
| http://websec.sv.cmu.edu/css/css.pdf | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2010/2722 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2011/0212 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2011/0552 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13653 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html | 2017-09-19 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | 2017-09-19 | |
| http://trac.webkit.org/changeset/52784 | 2017-09-19 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 | 2017-09-19 | |
| http://www.ubuntu.com/usn/USN-1006-1 | 2017-09-19 | |
| https://bugs.webkit.org/show_bug.cgi?id=29820 | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Webkit Search vendor "Apple" for product "Webkit" | <= r53524 Search vendor "Apple" for product "Webkit" and version " <= r53524" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | <= 4.0.249.78 Search vendor "Google" for product "Chrome" and version " <= 4.0.249.78" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | <= 4.0.4 Search vendor "Apple" for product "Safari" and version " <= 4.0.4" | - |
Affected
| ||||||