CVE-2010-2264 — Sensitive Information Exposure in Apple Safari

CWE-200 — Sensitive Information Exposure CWE-26412 documents2 sources

Severity

5.0MEDIUMNVD

NVD4.3

EPSS

0.6%

top 30.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari Microsoft Internet Explorer Mozilla Firefox +5 more

Timeline

PublishedJun 11

Latest updateMay 17

Description

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages8 packages

▶NVDapple/safari4.0.5+11

▶NVDmozilla/firefox3.6.24+57

▶NVDmozilla/seamonkey2.1+50

▶NVDmozilla/thunderbird3.1.16+28

▶NVDmicrosoft/internet_explorer8+77

Patches

Patch: lists.apple.com ↗Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-mf5v-3c9h-j7h3: The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle↗2022-05-17

▶

GHSA

GHSA-vfgv-7h5p-hhgc: The Cascading Style Sheets (CSS) implementation in Opera 10↗2022-05-17

▶

GHSA

GHSA-ccqg-4ff6-jg4g: The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers t↗2022-05-17

▶

GHSA

GHSA-g62r-fg2h-rgg7: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5↗2022-05-17

▶

GHSA

GHSA-fxv5-cqrh-qvhc: The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8↗2022-04-30

▶