Detections
Analytics
CVE-2010-3259
medium
Description
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11221
http://www.vupen.com/english/advisories/2011/0552
http://www.vupen.com/english/advisories/2011/0216
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2010/3046
http://www.vupen.com/english/advisories/2010/2722
http://www.ubuntu.com/usn/USN-1006-1
http://www.securityfocus.com/bid/44206
http://www.redhat.com/support/errata/RHSA-2011-0177.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://support.apple.com/kb/HT4456
http://support.apple.com/kb/HT4455
http://secunia.com/advisories/43086
http://secunia.com/advisories/43068
http://secunia.com/advisories/42314
http://secunia.com/advisories/41856
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html