CVE-2010-3259 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 25.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari Google Chrome +2 more

Timeline

PublishedSep 7

Latest updateMay 13

Description

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDapple/safari5.0 — 5.0.3+1

▶NVDgoogle/chrome< 6.0.472.53

▶NVDwebkitgtk/webkitgtk< 1.2.6

▶NVDapple/iphone_os< 4.2

Also affects: Ubuntu Linux 10.04, 10.10, 9.10

Patches

Patch: code.google.com ↗Patch: code.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-ch35-3h8w-gw7f: WebKit, as used in Apple Safari before 4↗2022-05-13

▶

📋Vendor Advisories

Red Hat

webkit: cross-origin image theft↗2010-09-02

▶

💬Community

Bugzilla

CVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259 webkitgtk various flaws [fedora-all]↗2010-10-05

▶

Bugzilla

CVE-2010-3259 webkit: cross-origin image theft↗2010-10-05

▶