CVE-2010-3257 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2010-3257?

CVE-2010-3257 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-3257?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Webkitgtk Webkitgtk, Apple Safari, Apple Iphone Os, Canonical Ubuntu Linux.

Vulnerability Description

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Google	Chrome	< 6.0.472.53
Webkitgtk	Webkitgtk	< 1.2.6
Apple	Safari	< 4.1.3
Apple	Iphone Os	< 4.2
Canonical	Ubuntu Linux	9.10

Related Weaknesses (CWE)

CWE-416

References

http://code.google.com/p/chromium/issues/detail?id=52443Vendor Advisory
http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updatesVendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/41856Third Party Advisory
http://secunia.com/advisories/42314Third Party Advisory
http://secunia.com/advisories/43068Third Party Advisory
http://secunia.com/advisories/43086Third Party Advisory
http://support.apple.com/kb/HT4455Third Party Advisory
http://support.apple.com/kb/HT4456Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0177.htmlThird Party Advisory
http://www.securityfocus.com/bid/44204Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1006-1Third Party Advisory

FAQ

What is CVE-2010-3257?

CVE-2010-3257 is a vulnerability with a CVSS score of 9.3 (HIGH). Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arb...

How severe is CVE-2010-3257?

CVE-2010-3257 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-3257?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Webkitgtk Webkitgtk, Apple Safari, Apple Iphone Os, Canonical Ubuntu Linux.