CVE-2010-1422 — Improper Input Validation in Apple Safari

CWE-20 — Improper Input Validation10 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

1.1%

top 22.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Apple Safari

Timeline

PublishedJun 11

Latest updateMay 17

Description

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDapple/safari4.0.5+6

▶NVDgoogle/chrome< 5.0.375.70

Patches

Patch: lists.apple.com ↗Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-rq4x-8v8c-7f6x: WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulne↗2022-05-17

▶

GHSA

GHSA-vr29-mm4v-x5ph: page/EventHandler↗2022-05-13

▶

GHSA

GHSA-xvcw-f78r-rfc5: WebKit in Apple Safari before 5↗2022-05-02

▶

📋Vendor Advisories

Red Hat

WebKit: Keystrokes sent to hidden frame rather than visible frame due to javascript flaw↗2010-03-14

▶

💬Community

Bugzilla

Please update to webkitgtk-1.2.3↗2010-07-18

▶

Bugzilla

update webkitgtk to 1.2.3↗2010-07-16

▶

Bugzilla

CVE-2010-2441 WebKit: Keystrokes sent to hidden frame rather than visible frame due to javascript flaw↗2010-06-25

▶