CVE-2010-0051

2010-03-15T14:15:00
ID CVE-2010-0051
Type cve
Reporter cve@mitre.org
Modified 2017-09-19T01:30:00

Description

WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

'WebKit CVE-ID: CVE-2010-0051 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An implementation issue exists in WebKit's handling of cross-origin stylesheet requests. Visiting a maliciously crafted website may disclose the content of protected resources on another website. This update addresses the issue by performing additional validation on stylesheets that are loaded during a cross-origin request.' Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

'Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/'