CVE-2010-0650 — LOW (2.6) — White Hats Nepal

Q: What is CVE-2010-0650?

CVE-2010-0650 is a vulnerability with a CVSS score of 2.6 (LOW). WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.

Q: How severe is CVE-2010-0650?

CVE-2010-0650 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-0650?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Safari, Canonical Ubuntu Linux.

Vulnerability Description

WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.

CVSS Score

2.6

LOW

AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Google	Chrome	< 4.0.249.78
Apple	Safari	-
Canonical	Ubuntu Linux	9.10

Related Weaknesses (CWE)

CWE-264

References

http://code.google.com/p/chromium/issues/detail?id=3275ExploitVendor Advisory
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/41856Third Party Advisory
http://secunia.com/advisories/43068Third Party Advisory
http://securitytracker.com/id?1023506Third Party AdvisoryVDB Entry
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-securVendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039Third Party Advisory
http://www.securityfocus.com/bid/38373Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1006-1Third Party Advisory
http://www.vupen.com/english/advisories/2010/2722Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212Third Party Advisory
http://www.vupen.com/english/advisories/2011/0552Third Party Advisory
https://bugs.webkit.org/show_bug.cgi?id=21501Permissions RequiredThird Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory

FAQ

What is CVE-2010-0650?

CVE-2010-0650 is a vulnerability with a CVSS score of 2.6 (LOW). WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.

How severe is CVE-2010-0650?

CVE-2010-0650 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-0650?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Safari, Canonical Ubuntu Linux.