ID

VAR-201011-0048


CVE

CVE-2010-3826


TITLE

Apple Safari of WebKit Vulnerabilities in arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-002517

DESCRIPTION

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. There is an invalid conversion problem in WebKit's processing of colors in SVG documents. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42264 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42264/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42264/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42264/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and weaknesses have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) An integer overflow error in the handling of strings can be exploited to corrupt memory and potentially execute arbitrary code. 2) A weakness in the random number generator for JavaScript applications can be exploited to e.g. track users. 3) Multiple vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information: SA41328 4) An integer underflow error in the handling of WebSockets can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error in the handling of images created from "canvas" elements can be exploited to conduct cross-origin image thefts. This is related to vulnerability #12 in: SA41242 6) An invalid cast in the handling of editing commands can potentially be exploited to execute arbitrary code. 7) An invalid cast in the handling of inline styling can potentially be exploited to execute arbitrary code. 8) An error within the handling of the History object can be exploited to spoof the address in the location bar or add arbitrary locations to the history. 9) A use-after-free error in the handling of element attributes can be exploited to corrupt memory and potentially execute arbitrary code. 10) An integer overflow error in the handling of Text objects can be exploited to corrupt memory and potentially execute arbitrary code. 11) A weakness is caused due to WebKit performing DNS prefetching for HTML Link elements even when it is disabled. 12) Multiple use-after-free errors in the handling of plugins can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #5 in: SA41014 13) A use-after-free error in the handling of element focus can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #10 in: SA41242 14) A use-after-free error in the handling of scrollbars can be exploited to corrupt memory and potentially execute arbitrary code. 15) An invalid cast in the handling of CSS 3D transforms can potentially be exploited to execute arbitrary code. 16) A use-after-free error in the handling of inline text boxes can be exploited to corrupt memory and potentially execute arbitrary code. 17) An invalid cast in the handling of CSS boxes can potentially be exploited to execute arbitrary code. 18) An unspecified error in the handling of editable elements can be exploited to trigger an access of uninitialised memory and potentially execute arbitrary code. 19) An unspecified error in the handling of the ':first-letter' pseudo-element in cascading stylesheets can be exploited to corrupt memory and potentially execute arbitrary code. 20) An uninitialised pointer error in the handling of CSS counter styles can potentially be exploited to execute arbitrary code. 21) A use-after-free error in the handling of Geolocation objects can be exploited to corrupt memory and potentially execute arbitrary code. 22) A use-after-free error in the handling of "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code. 23) An invalid cast in the handling of SVG elements in non-SVG documents can potentially be exploited to execute arbitrary code. This is related to vulnerability #2 in: SA41443 24) An invalid cast in the handling of colors in SVG documents can potentially be exploited to execute arbitrary code. SOLUTION: Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later, Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11). PROVIDED AND/OR DISCOVERED BY: 2) Amit Klein, Trusteer The vendor credits: 1, 10) J23 3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of University of Szeged, and also thabermann and chipplyman 4) Keith Campbell, and Cris Neckar, Google Chrome Security Team 5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability Research (MSVR) 6, 22, 23) wushi, team509 7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security Team 8) Mike Taylor, Opera Software 9) Michal Zalewski 11) Jeff Johnson, Rogue Amoeba Software 13) Vupen 14) Rohit Makasana, Google Inc. 20, 21) kuzzcc ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4455 Trusteer: http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server

Trust: 2.25

sources: NVD: CVE-2010-3826 // JVNDB: JVNDB-2010-002517 // BID: 44971 // VULHUB: VHN-46431 // PACKETSTORM: 95992 // PACKETSTORM: 96086 // PACKETSTORM: 97846

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 1.9

vendor:applemodel:safariscope:eqversion:5.0

Trust: 1.9

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 1.9

vendor:applemodel:safariscope:eqversion:4.1

Trust: 1.9

vendor:applemodel:safariscope:eqversion:3.2.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.2.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.2.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4

Trust: 1.1

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.0

vendor:applemodel:safariscope:lteversion:4.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.0

vendor:applemodel:webkitscope:eqversion:*

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:safariscope:lteversion:5.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.9

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 0.9

vendor:applemodel:mac os xscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:iosscope:eqversion:2.0 to 4.1 (iphone 3g after )

Trust: 0.8

vendor:applemodel:iosscope:eqversion:2.1 to 4.1 (ipod touch (2nd generation) after )

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.2 to 3.2.2 (ipad for )

Trust: 0.8

vendor:applemodel:ipadscope: - version: -

Trust: 0.8

vendor:applemodel:iphonescope: - version: -

Trust: 0.8

vendor:applemodel:ipod touchscope: - version: -

Trust: 0.8

vendor:applemodel:safariscope:eqversion:5

Trust: 0.8

vendor:applemodel:webkitscope: - version: -

Trust: 0.6

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:neversion:5.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:4.1.3

Trust: 0.3

vendor:applemodel:safariscope:neversion:4.1.3

Trust: 0.3

vendor:applemodel:iosscope:neversion:4.2

Trust: 0.3

sources: BID: 44971 // JVNDB: JVNDB-2010-002517 // CNNVD: CNNVD-201011-230 // NVD: CVE-2010-3826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3826
value: HIGH

Trust: 1.0

NVD: CVE-2010-3826
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201011-230
value: CRITICAL

Trust: 0.6

VULHUB: VHN-46431
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-3826
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46431
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46431 // JVNDB: JVNDB-2010-002517 // CNNVD: CNNVD-201011-230 // NVD: CVE-2010-3826

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2010-002517 // NVD: CVE-2010-3826

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-230

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201011-230

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002517

PATCH

title:HT4456url:http://support.apple.com/kb/HT4456

Trust: 0.8

title:HT4455url:http://support.apple.com/kb/HT4455

Trust: 0.8

title:HT4455url:http://support.apple.com/kb/HT4455?viewlocale=ja_JP

Trust: 0.8

title:SafariSetupurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35076

Trust: 0.6

title:SafariQuickTimeSetupurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35075

Trust: 0.6

title:Safari4.1.3Tigerurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=35074

Trust: 0.6

sources: JVNDB: JVNDB-2010-002517 // CNNVD: CNNVD-201011-230

EXTERNAL IDS

db:NVDid:CVE-2010-3826

Trust: 2.8

db:SECUNIAid:42314

Trust: 2.0

db:VUPENid:ADV-2010-3046

Trust: 1.9

db:SECUNIAid:43068

Trust: 1.2

db:VUPENid:ADV-2011-0212

Trust: 1.1

db:JVNDBid:JVNDB-2010-002517

Trust: 0.8

db:CNNVDid:CNNVD-201011-230

Trust: 0.7

db:SECUNIAid:42264

Trust: 0.7

db:APPLEid:APPLE-SA-2010-11-18-1

Trust: 0.6

db:BIDid:44971

Trust: 0.4

db:VULHUBid:VHN-46431

Trust: 0.1

db:PACKETSTORMid:95992

Trust: 0.1

db:PACKETSTORMid:96086

Trust: 0.1

db:PACKETSTORMid:97846

Trust: 0.1

sources: VULHUB: VHN-46431 // BID: 44971 // JVNDB: JVNDB-2010-002517 // PACKETSTORM: 95992 // PACKETSTORM: 96086 // PACKETSTORM: 97846 // CNNVD: CNNVD-201011-230 // NVD: CVE-2010-3826

REFERENCES

url:http://secunia.com/advisories/42314

Trust: 1.9

url:http://www.vupen.com/english/advisories/2010/3046

Trust: 1.9

url:http://support.apple.com/kb/ht4455

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00002.html

Trust: 1.7

url:http://support.apple.com/kb/ht4456

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00003.html

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11814

Trust: 1.1

url:http://secunia.com/advisories/43068

Trust: 1.1

url:http://www.vupen.com/english/advisories/2011/0212

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3826

Trust: 0.8

url:http://jvn.jp/cert/jvnvu364004

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3826

Trust: 0.8

url:http://secunia.com/advisories/42264

Trust: 0.6

url:http://www.apple.com/safari/download/

Trust: 0.3

url:http://secunia.com/products/corporate/evm/

Trust: 0.3

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.3

url:http://secunia.com/products/corporate/vim/

Trust: 0.3

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.3

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.3

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.3

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42264

Trust: 0.1

url:http://secunia.com/advisories/42264/#comments

Trust: 0.1

url:http://secunia.com/advisories/42264/

Trust: 0.1

url:http://www.trusteer.com/sites/default/files/temporary_user_tracking_in_major_browsers.pdf

Trust: 0.1

url:http://secunia.com/advisories/42314/

Trust: 0.1

url:http://secunia.com/advisories/42314/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42314

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=43068

Trust: 0.1

url:http://secunia.com/advisories/43068/#comments

Trust: 0.1

url:http://secunia.com/advisories/43068/

Trust: 0.1

sources: VULHUB: VHN-46431 // BID: 44971 // JVNDB: JVNDB-2010-002517 // PACKETSTORM: 95992 // PACKETSTORM: 96086 // PACKETSTORM: 97846 // CNNVD: CNNVD-201011-230 // NVD: CVE-2010-3826

CREDITS

Abhishek Arya (Inferno) of the Google Chrome Security Team

Trust: 0.9

sources: BID: 44971 // CNNVD: CNNVD-201011-230

SOURCES

db:VULHUBid:VHN-46431
db:BIDid:44971
db:JVNDBid:JVNDB-2010-002517
db:PACKETSTORMid:95992
db:PACKETSTORMid:96086
db:PACKETSTORMid:97846
db:CNNVDid:CNNVD-201011-230
db:NVDid:CVE-2010-3826

LAST UPDATE DATE

2024-11-23T21:00:57.992000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-46431date:2017-09-19T00:00:00
db:BIDid:44971date:2010-11-22T18:16:00
db:JVNDBid:JVNDB-2010-002517date:2010-12-17T00:00:00
db:CNNVDid:CNNVD-201011-230date:2011-01-10T00:00:00
db:NVDid:CVE-2010-3826date:2024-11-21T01:19:41.833

SOURCES RELEASE DATE

db:VULHUBid:VHN-46431date:2010-11-22T00:00:00
db:BIDid:44971date:2010-11-18T00:00:00
db:JVNDBid:JVNDB-2010-002517date:2010-12-17T00:00:00
db:PACKETSTORMid:95992date:2010-11-19T06:21:56
db:PACKETSTORMid:96086date:2010-11-24T11:53:31
db:PACKETSTORMid:97846date:2011-01-25T03:59:20
db:CNNVDid:CNNVD-201011-230date:2010-11-23T00:00:00
db:NVDid:CVE-2010-3826date:2010-11-22T13:00:19.147