[email protected]CVE-2010-2295

HistoryJun 15, 2010 - 6:00 p.m.

CVE-2010-2295

2010-06-1518:00:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2010-2295

webcore

webkit

google chrome

remote code execution

security vulnerability

7.9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

77.4%

JSON

page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: this might overlap CVE-2010-1422.

CPENameOperatorVersion
google:chromegoogle chromelt5.0.375.70

CPE	Name	Operator	Version
google:chrome	google chrome	lt	5.0.375.70

References

code.google.com/p/chromium/issues/detail?id=15766

googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/40072

secunia.com/advisories/43068

src.chromium.org/viewvc/chrome/branches/WebKit/375/WebCore/page/EventHandler.cpp?r1=48067&r2=48066

www.vupen.com/english/advisories/2011/0212

bugs.webkit.org/show_bug.cgi?id=26824

bugzilla.mozilla.org/show_bug.cgi?id=552255

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12003

7.9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for CVE-2010-2295

debiancve3 cvelist3 prion3 ubuntucve3 cve2 openvas23 nessus16 threatpost1 freebsd1 fedora6 securityvulns2