Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2010-1236HistoryApr 01, 2010 - 10:30 p.m.
CVE-2010-1236
2010-04-0122:30:00
Debian Security Bug Tracker
security-tracker.debian.org
7
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | chromium-browser | < 70.0.3538.110-1~deb9u1 | chromium-browser_70.0.3538.110-1~deb9u1_all.deb |
Related
securityvulns
securityvulns
cve
cve
CVE-2010-1236
2010-04-01 22:30:00
ubuntucve
ubuntucve
CVE-2010-1236
2010-04-01 00:00:00
prion
prion
Cross site scripting
2010-04-01 22:30:00
nessus
nessus
Google Chrome < 4.1.249.1036 Multiple Vulnerabilities
2010-03-18 00:00:00
openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
2011-05-05 00:00:00
openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
2014-06-13 00:00:00
openvas
openvas
Google Chrome Multiple Vulnerabilities (win)
2010-04-13 00:00:00
Google Chrome Multiple Vulnerabilities (win)
2010-04-13 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related for DEBIANCVE:CVE-2010-1236