PT-2010-2408 · Google+1 · Google Chrome+1
Published
2010-02-18
·
Updated
2017-09-19
·
CVE-2010-0656
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WebKit versions before r51295
Google Chrome versions before 4.0.249.78
Description
The issue allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document, by presenting a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory.
Recommendations
For WebKit versions before r51295, update to version r51295 or later.
For Google Chrome versions before 4.0.249.78, update to version 4.0.249.78 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Chrome
Webkit