PT-2010-2942 · Google+2 · Google Chrome+2
Publicado
2010-04-01
·
Atualizado
2017-09-19
·
CVE-2010-1236
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
WebKit before r55822
Google Chrome before 4.1.249.1036
Flock Browser 3.x before 3.0.0.4112
Description
The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL. This is due to the protocolIs function in platform/KURLGoogle.cpp not properly handling whitespace at the beginning of a URL.
Recommendations
For WebKit before r55822, update to version r55822 or later to resolve the issue.
For Google Chrome before 4.1.249.1036, update to version 4.1.249.1036 or later.
For Flock Browser 3.x before 3.0.0.4112, update to version 3.0.0.4112 or later.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Flock Browser
Google Chrome
Webkit