PT-2010-3421 · Gtk+2 · Webkitgtk+3
Published
2010-07-30
·
Updated
2017-09-19
·
CVE-2010-1786
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Apple Safari versions prior to 5.0.1 on Mac OS X 10.5 through 10.6 and Windows
Apple Safari versions prior to 4.1.1 on Mac OS X 10.4
webkitgtk versions prior to 1.2.6
Description
The issue allows remote attackers to execute arbitrary code or cause a denial of service via a foreignObject element in an SVG document. This can lead to an application crash.
Recommendations
For Apple Safari versions prior to 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0.1 or later.
For Apple Safari versions prior to 4.1.1 on Mac OS X 10.4, update to version 4.1.1 or later.
For webkitgtk versions prior to 1.2.6, update to version 1.2.6 or later.
As a temporary workaround, consider avoiding the use of foreignObject elements in SVG documents until a patch is available.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Macos X
Red Hat
Safari
Webkitgtk