MeeGo alert MeeGo-SA-10:37 (webkit)

From:  "Ware, Ryan R" <ryan.r.ware@intel.com>
To:  "meego-security@meego.com" <meego-security@meego.com>
Subject:  [MeeGo-security] [MeeGo-SA-10:37.webkit] Multiple Vulnerabilities in Webkit Applications
Date:  Thu, 20 Jan 2011 16:40:26 -0700
Message-ID:  <AA246F21-660F-4C08-995C-E51144730A86@intel.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
MeeGo-SA-10:37.webkit                                       Security Advisory
                                                               MeeGo Project

Topic:          Multiple Vulnerabilities in Webkit Applications

Category:       Graphics
Module:         chrome, chromium, webkit & qt
Announced:      October 9, 2010
Affects:        MeeGo 1.0
Corrected:      October 9, 2010
MeeGo BID:      5797, 5801, 5811, 5892, 5893, 5898, 6124, 6126, 6128, 6130,
                6132, 6134, 6143, 6145, 6148, 6150, 6172, 6246, 6249, 6253,
                6255, 6256, 6258, 6260, 6261, 6265, 6266, 6268, 6323, 6479,
                6487, 6495, 6658, 6953, 7687 & 7692
CVE:            CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1386,
                CVE-2010-1760, CVE-2010-3111, CVE-2010-3112, CVE-2010-3113,
                CVE-2010-3114, CVE-2010-3115, CVE-2010-3116, CVE-2010-3117,
                CVE-2010-3118, CVE-2010-3119, CVE-2010-3120, CVE-2010-1784,
                CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788,
                CVE-2010-1781, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792,
                CVE-2010-1793, CVE-2010-1789, CVE-2010-1391, CVE-2010-1408,
                CVE-2010-1416, CVE-2010-1418, CVE-2010-1421, CVE-2010-0544,
                CVE-2010-1762, CVE-2010-1764, CVE-2010-1407, CVE-2010-1766,
                CVE-2010-1422, CVE-2010-1394, CVE-2010-2621, CVE-2010-3246,
                CVE-2010-3247, CVE-2010-3248, CVE-2010-3249, CVE-2010-3250,
                CVE-2010-3251, CVE-2010-3252, CVE-2010-3253, CVE-2010-3254,
                CVE-2010-3255, CVE-2010-3256, CVE-2010-3257, CVE-2010-3258,
                CVE-2010-3259, CVE-2010-2652, CVE-2010-2296, CVE-2010-1823,
                CVE-2010-1824, CVE-2010-1825, CVE-2010-3411, CVE-2010-3412,
                CVE-2010-3413, CVE-2010-3414, CVE-2010-3415, CVE-2010-3416,
                CVE-2010-3417, CVE-2010-1773 & CVE-2010-1767

For general information regarding MeeGo Security Advisories, including
descriptions of the fields above, security branches, and the following
sections, please visit <URL:http://www.MeeGo.com/>.

I.   Background

QtWebKit provides a Web browser engine that makes it easy to embed content
from the World Wide Web into your Qt application. It is used by numerous
MeeGo applications.

NOTE: A number of the following CVEs reference WebKit issues in Apple
Safari. They are included here because, although they were filed by Apple,
they affect WebKit in general and therefore also had to be fixed in MeeGo.

II.  Problem Description

CVE-2010-1780: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1782: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1783: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1386: page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-1760: loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3111: Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3112: Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3113: Google Chrome before 5.0.375.127 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3114: The text-editing implementation in Google Chrome before 5.0.375.127 does not properly perform casts, which has unspecified impact and attack vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3115: Google Chrome before 5.0.375.127 does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3116: Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 5.0.375.127, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3117: Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3118: The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3119: Google Chrome before 5.0.375.127 does not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3120: Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-1784: The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1785: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1786: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1787: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1788: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1781: Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1790: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1791: Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1792: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1793: Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1789: Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1391: Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1408: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1416: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1418: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1421: The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-0544: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1762: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1764: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1407: WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1766: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
CVSS v2 Base: 7.5 (HIGH)
Access Vector: Network exploitable

CVE-2010-1422: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1394: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-2621: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3246: Google Chrome before 6.0.472.53 does not properly handle the _blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vectors.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-3247: Google Chrome before 6.0.472.53 does not properly restrict the characters in URLs, which allows remote attackers to spoof the appearance of the URL bar via homographic sequences.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-3248: Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3249: Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "stale pointer" issue.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-3250: Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3251: The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3252: Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3253: The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3254: The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3255: Google Chrome before 6.0.472.53 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-3256: Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors.
CVSS v2 Base: 2.6 (LOW)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-3257: Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.53, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-3258: The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-3259: WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.53, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-2652: Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-2296: The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1823: Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1824: Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG styles.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1825: Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-3411: Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3412: Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable

CVE-2010-3413: Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3414: Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3415: Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3416: Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3417: Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-1773: Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r39508, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

CVE-2010-1767: Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

III. Impact

CVE-2010-1780: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399)
CVE-2010-1782: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-1783: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-1386: Unauthorized disclosure of information, modification or disruption of service due to permission, privilege or access control error (CWE-264)
CVE-2010-1760: Unauthorized disclosure of information, modification or disruption of service due to credentials management error (CWE-255)
CVE-2010-3111: Unauthorized disclosure of information, modification or disruption of service
CVE-2010-3112: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-3113: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-3114: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399)
CVE-2010-3115: Unauthorized disclosure of information, modification or disruption of service due to design error
CVE-2010-3116: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399)
CVE-2010-3117: Unauthorized disclosure of information, modification or disruption of service
CVE-2010-3118: Unauthorized disclosure of information (CWE-200)
CVE-2010-3119: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-3120: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-1784: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-1785: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-1786: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399)
CVE-2010-1787: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-1788: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-1781: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399)
CVE-2010-1790: Unauthorized disclosure of information, modification or disruption of service
CVE-2010-1791: Unauthorized disclosure of information, modification or disruption of service due to numeric error (CWE-189)
CVE-2010-1792: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-1793: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399)
CVE-2010-1789: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119)
CVE-2010-1391: Unauthorized modification due to path traversal (CWE-22)
CVE-2010-1408: Unauthorized modification due to permission, privilege or access control error (CWE-264) and numeric error (CWE-189)
CVE-2010-1416: Unauthorized disclosure of information due to permission, privilege or access control error (CWE-264)
CVE-2010-1418: Unauthorized modification due to cross-site scripting error (CWE-79)
CVE-2010-1421: Unauthorized modification due to design error
CVE-2010-0544: Unauthorized modification due to cross-site scripting error (CWE-79)
CVE-2010-1762: Unauthorized modification due to cross-site scripting error (CWE-79)
CVE-2010-1764: Unauthorized disclosure of information due to design error
CVE-2010-1407: Unauthorized disclosure of information (CWE-200)
CVE-2010-1766: Unauthorized disclosure of information, modification or disruption of service due to numeric error (CWE-189)
CVE-2010-1422: Unauthorized modification
CVE-2010-1394: Unauthorized modification due to cross-site scripting error (CWE-79)
CVE-2010-2621: Disruption of service due to input validation error (CWE-20)
CVE-2010-3246: Unauthorized modification due to input validation error (CWE-20)
CVE-2010-3247: Unauthorized modification due to input validation error (CWE-20)
CVE-2010-3248: Unauthorized disclosure of information due to permission, privilege or access control error (CWE-264)
CVE-2010-3249: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399)
CVE-2010-3250: Unauthorized disclosure of information
CVE-2010-3251: Disruption of service due to resource management error (CWE-399)
CVE-2010-3252: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399)
CVE-2010-3253: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399)
CVE-2010-3254: Unauthorized disclosure of information, modification or disruption of service due to numeric error (CWE-189)
CVE-2010-3255: Unauthorized disclosure of information, modification or disruption of service due to input validation error (CWE-20)
CVE-2010-3256: Disruption of service due to resource management error (CWE-399)
CVE-2010-3257: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399) CVE-2010-3258: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399) CVE-2010-3259: Unauthorized disclosure of information due to permission, privilege or access control error (CWE-264) CVE-2010-2652: Disruption of service due to design error CVE-2010-2296: Unauthorized disclosure of information, modification or disruption of service due to permission, privilege or access control error (CWE-264) CVE-2010-1823: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399) CVE-2010-1824: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399) CVE-2010-1825: Unauthorized disclosure of information, modification or disruption of service due to resource management error (CWE-399) CVE-2010-3411: Disruption of service due to input validation error (CWE-20) CVE-2010-3412: Unauthorized disclosure of information, modification or disruption of service due to race condition (CWE-362) CVE-2010-3413: Disruption of service CVE-2010-3414: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119) CVE-2010-3415: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119) CVE-2010-3416: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119) CVE-2010-3417: Unauthorized disclosure of information (CSE-200) CVE-2010-1773: Unauthorized disclosure of information, modification or disruption of service due to numeric error (CWE-189) CVE-2010-1767: Unauthorized access, partial confidentiality, integrity or availability violation, unauthorized disclosure of information or disruption of service due to cross-site request 
forgery (CWE-352) IV. Workaround None V. Solution Update to package qt-4.6.2-5.1, chromium-7.0.542.0-10.1 and google-chrome-5.0.375.70-4.1 or later. VI. References http://bugs.meego.com/show_bug.cgi?id=5797 http://bugs.meego.com/show_bug.cgi?id=5801 http://bugs.meego.com/show_bug.cgi?id=5811 http://bugs.meego.com/show_bug.cgi?id=5892 http://bugs.meego.com/show_bug.cgi?id=5893 http://bugs.meego.com/show_bug.cgi?id=5898 http://bugs.meego.com/show_bug.cgi?id=6124 http://bugs.meego.com/show_bug.cgi?id=6126 http://bugs.meego.com/show_bug.cgi?id=6128 http://bugs.meego.com/show_bug.cgi?id=6130 http://bugs.meego.com/show_bug.cgi?id=6132 http://bugs.meego.com/show_bug.cgi?id=6134 http://bugs.meego.com/show_bug.cgi?id=6143 http://bugs.meego.com/show_bug.cgi?id=6145 http://bugs.meego.com/show_bug.cgi?id=6148 http://bugs.meego.com/show_bug.cgi?id=6150 http://bugs.meego.com/show_bug.cgi?id=6172 http://bugs.meego.com/show_bug.cgi?id=6246 http://bugs.meego.com/show_bug.cgi?id=6249 http://bugs.meego.com/show_bug.cgi?id=6253 http://bugs.meego.com/show_bug.cgi?id=6255 http://bugs.meego.com/show_bug.cgi?id=6256 http://bugs.meego.com/show_bug.cgi?id=6258 http://bugs.meego.com/show_bug.cgi?id=6260 http://bugs.meego.com/show_bug.cgi?id=6261 http://bugs.meego.com/show_bug.cgi?id=6265 http://bugs.meego.com/show_bug.cgi?id=6266 http://bugs.meego.com/show_bug.cgi?id=6268 http://bugs.meego.com/show_bug.cgi?id=6323 http://bugs.meego.com/show_bug.cgi?id=6479 http://bugs.meego.com/show_bug.cgi?id=6487 http://bugs.meego.com/show_bug.cgi?id=6495 http://bugs.meego.com/show_bug.cgi?id=6658 http://bugs.meego.com/show_bug.cgi?id=6953 http://bugs.meego.com/show_bug.cgi?id=7687 http://bugs.meego.com/show_bug.cgi?id=7692 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... 
http://cwe.mitre.org/data/definitions/189.html
http://cwe.mitre.org/data/definitions/399.html
http://cwe.mitre.org/data/definitions/119.html
http://cwe.mitre.org/data/definitions/20.html
http://cwe.mitre.org/data/definitions/264.html
http://cwe.mitre.org/data/definitions/255.html
http://cwe.mitre.org/data/definitions/200.html
http://cwe.mitre.org/data/definitions/22.html
http://cwe.mitre.org/data/definitions/79.html
http://cwe.mitre.org/data/definitions/362.html

_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security
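The Solution section names the fixed package versions and says "or later", which means a check has to compare RPM version and release labels correctly rather than as strings. The script below is an added example, not part of the advisory or of MeeGo's tooling: it re-implements rpm's label comparison and checks a constructed sample of rpm -q output against the three fixed name-version-release strings.

```python
import re
# Fixed name-version-release strings from the advisory's Solution section.
FIXED_NVR = ["qt-4.6.2-5.1", "chromium-7.0.542.0-10.1", "google-chrome-5.0.375.70-4.1"]

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")

def rpmvercmp(a, b):
    """rpm's rpmvercmp: -1, 0 or 1. Labels split into numeric and alphabetic
    segments (separators ignored); numbers compare as integers (4.6.10 > 4.6.2),
    a number outranks letters, the label with segments left over is newer.
    No '~'/'^' handling."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num and int(x) != int(y):
            return 1 if int(x) > int(y) else -1
        if not x_num and x != y:
            return 1 if x > y else -1
    if len(seg_a) != len(seg_b):
        return 1 if len(seg_a) > len(seg_b) else -1
    return 0

def parse_nvr(nvr):
    """Split 'name-version-release'; version and release never contain '-'."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_fixed(installed_nvr, fixed_nvr):
    """True when the installed package is the fixed version or later (epoch ignored)."""
    name, ver, rel = parse_nvr(installed_nvr)
    fname, fver, frel = parse_nvr(fixed_nvr)
    if name != fname:
        raise ValueError("package name mismatch: %s vs %s" % (name, fname))
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) >= 0

def audit(installed_nvrs):
    """Map each advisory package found in installed_nvrs to True (fixed) or False."""
    fixed_by_name = {parse_nvr(n)[0]: n for n in FIXED_NVR}
    found = {parse_nvr(n)[0]: n for n in installed_nvrs}
    return {name: is_fixed(nvr, fixed_by_name[name])
            for name, nvr in found.items() if name in fixed_by_name}

# Constructed sample of: rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' qt chromium google-chrome
SAMPLE_INSTALLED = ["qt-4.6.2-4.1", "chromium-7.0.542.0-10.1", "google-chrome-5.0.375.70-4.1"]

if __name__ == "__main__":
    for name, ok in audit(SAMPLE_INSTALLED).items():
        print("%s: %s" % (name, "fixed" if ok else "VULNERABLE, update required"))
```

On a real host, feed the output of the rpm query shown in the comment to audit() instead of the constructed sample; the release field matters here because qt-4.6.2-4.1 has the same version as the fixed package but is still affected.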



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds