Lucene search

[email protected]NVD:CVE-2010-0661

HistoryFeb 18, 2010 - 6:00 p.m.

CVE-2010-0661

2010-02-1818:00:01

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.01

Percentile

83.7%

JSON

WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.

Affected configurations

Nvd

Node

applewebkitMatch52400

AND

googlechromeRange≤4.0.249.0

googlechromeMatch0.2.149.27

googlechromeMatch0.2.149.29

googlechromeMatch0.2.149.30

googlechromeMatch0.2.152.1

googlechromeMatch0.2.153.1

googlechromeMatch0.3.154.0

googlechromeMatch0.3.154.3

googlechromeMatch0.4.154.18

googlechromeMatch0.4.154.22

googlechromeMatch0.4.154.31

googlechromeMatch0.4.154.33

googlechromeMatch1.0.154.36

googlechromeMatch1.0.154.39

googlechromeMatch1.0.154.42

googlechromeMatch1.0.154.43

googlechromeMatch1.0.154.46

googlechromeMatch1.0.154.48

googlechromeMatch1.0.154.52

googlechromeMatch1.0.154.53

googlechromeMatch1.0.154.59

googlechromeMatch1.0.154.65

googlechromeMatch2.0.156.1

googlechromeMatch2.0.157.0

googlechromeMatch2.0.157.2

googlechromeMatch2.0.158.0

googlechromeMatch2.0.159.0

googlechromeMatch2.0.169.0

googlechromeMatch2.0.169.1

googlechromeMatch2.0.170.0

googlechromeMatch2.0.172

googlechromeMatch2.0.172.2

googlechromeMatch2.0.172.8

googlechromeMatch2.0.172.27

googlechromeMatch2.0.172.28

googlechromeMatch2.0.172.30

googlechromeMatch2.0.172.31

googlechromeMatch2.0.172.33

googlechromeMatch2.0.172.37

googlechromeMatch2.0.172.38

googlechromeMatch3.0.182.2

googlechromeMatch3.0.190.2

googlechromeMatch3.0.193.2beta

googlechromeMatch3.0.195.21

googlechromeMatch3.0.195.24

googlechromeMatch3.0.195.32

googlechromeMatch3.0.195.33

googlechromeMatch4.0.244.0

VendorProductVersionCPE
applewebkit52400cpe:2.3:a:apple:webkit:52400:*:*:*:*:*:*:*
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
googlechrome0.2.149.27cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
googlechrome0.2.149.29cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
googlechrome0.2.149.30cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
googlechrome0.2.152.1cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
googlechrome0.2.153.1cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
googlechrome0.3.154.0cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
googlechrome0.3.154.3cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
googlechrome0.4.154.18cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	webkit	52400	cpe:2.3:a:apple:webkit:52400:::::::*
google	chrome	*	cpe:2.3:a:google:chrome::::::::
google	chrome	0.2.149.27	cpe:2.3:a:google:chrome:0.2.149.27:::::::*
google	chrome	0.2.149.29	cpe:2.3:a:google:chrome:0.2.149.29:::::::*
google	chrome	0.2.149.30	cpe:2.3:a:google:chrome:0.2.149.30:::::::*
google	chrome	0.2.152.1	cpe:2.3:a:google:chrome:0.2.152.1:::::::*
google	chrome	0.2.153.1	cpe:2.3:a:google:chrome:0.2.153.1:::::::*
google	chrome	0.3.154.0	cpe:2.3:a:google:chrome:0.3.154.0:::::::*
google	chrome	0.3.154.3	cpe:2.3:a:google:chrome:0.3.154.3:::::::*
google	chrome	0.4.154.18	cpe:2.3:a:google:chrome:0.4.154.18:::::::*