Vulnerability Description
page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Webkit | <= r56187 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/41856Vendor Advisory
- http://secunia.com/advisories/43068Vendor Advisory
- http://security-tracker.debian.org/tracker/CVE-2010-1386
- http://trac.webkit.org/changeset/56188
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
- http://www.securityfocus.com/bid/42500
- http://www.ubuntu.com/usn/USN-1006-1
- http://www.vupen.com/english/advisories/2010/2722Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0212Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0552Vendor Advisory
- https://bugs.webkit.org/show_bug.cgi?id=36255
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/41856Vendor Advisory
- http://secunia.com/advisories/43068Vendor Advisory
FAQ
What is CVE-2010-1386?
CVE-2010-1386 is a vulnerability with a CVSS score of 10.0 (HIGH). page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rda...
How severe is CVE-2010-1386?
CVE-2010-1386 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1386?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Webkit.