CVE-2010-5070Apple Safari vulnerability

CWE-2644 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 57.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple SafariGoogle Chrome
Timeline
PublishedDec 7
Latest updateMay 17

Description

The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDapple/safari11 versions+10
NVDgoogle/chrome224 versions+223

🔴Vulnerability Details

2
GHSA
GHSA-mf5v-3c9h-j7h3: The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle2022-05-17
GHSA
GHSA-34jq-3228-6mcp: The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle2022-05-17