Lucene search

K

[email protected]NVD:CVE-2010-2295

HistoryJun 15, 2010 - 6:00 p.m.

CVE-2010-2295

2010-06-1518:00:02

CWE-20

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: this might overlap CVE-2010-1422.

Affected configurations

NVD

Node

googlechromeRange<5.0.375.70

References

code.google.com/p/chromium/issues/detail?id=15766

googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/40072

secunia.com/advisories/43068

src.chromium.org/viewvc/chrome/branches/WebKit/375/WebCore/page/EventHandler.cpp?r1=48067&r2=48066

www.vupen.com/english/advisories/2011/0212

bugs.webkit.org/show_bug.cgi?id=26824

bugzilla.mozilla.org/show_bug.cgi?id=552255

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12003

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

Related for NVD:CVE-2010-2295

cve3 debiancve3 ubuntucve3 cvelist3 prion3 nvd2 threatpost1 openvas23 nessus16 freebsd1 fedora6 securityvulns2