CVE-2010-0651

CWE-200Information Exposure8 documents5 sources
Severity
4.3MEDIUM
EPSS
2.3%
top 15.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple SafariApple WebkitGoogle Chrome
Timeline
PublishedFeb 18
Latest updateMay 2

Description

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDapple/safari4.0.4
NVDapple/webkitr53524
NVDgoogle/chrome4.0.249.78

Patches

Patch: googlechromereleases.blogspot.comPatch: googlechromereleases.blogspot.com

🔴Vulnerability Details

2
GHSA
GHSA-vffh-48qx-8xgf: WebKit before r52784, as used in Google Chrome before 42022-05-02
CVEList
CVE-2010-0651: WebKit before r52784, as used in Google Chrome before 42010-02-18

📋Vendor Advisories

2
Red Hat
webkit: remote information disclosure2009-01-26
Red Hat
webkit: remote information disclosure2009-01-26

💬Community

3
Bugzilla
CVE-2010-2794 spice-xpi symlink attack2010-08-02
Bugzilla
CVE-2010-2792 spice-xpi/qspice-client unix socket race2010-08-02
Bugzilla
CVE-2010-0651 webkit: remote information disclosure2010-02-24
CVE-2010-0651 (MEDIUM CVSS 4.3) | WebKit before r52784 | cvebase.io