CVE-2010-3259 — MEDIUM (4.3)

Q: How severe is CVE-2010-3259?

CVE-2010-3259 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-3259?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Webkitgtk Webkitgtk, Apple Safari, Apple Iphone Os, Canonical Ubuntu Linux.

Vulnerability Description

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Google	Chrome	< 6.0.472.53
Webkitgtk	Webkitgtk	< 1.2.6
Apple	Safari	< 4.1.3
Apple	Iphone Os	< 4.2
Canonical	Ubuntu Linux	9.10

Related Weaknesses (CWE)

CWE-200

References

http://code.google.com/p/chromium/issues/detail?id=53001PatchVendor Advisory
http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updatesVendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/41856Third Party Advisory
http://secunia.com/advisories/42314Third Party Advisory
http://secunia.com/advisories/43068Third Party Advisory
http://secunia.com/advisories/43086Third Party Advisory
http://support.apple.com/kb/HT4455Third Party Advisory
http://support.apple.com/kb/HT4456Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0177.htmlThird Party Advisory
http://www.securityfocus.com/bid/44206Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1006-1Third Party Advisory

FAQ

What is CVE-2010-3259?

CVE-2010-3259 is a vulnerability with a CVSS score of 4.3 (MEDIUM). WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS e...

How severe is CVE-2010-3259?

CVE-2010-3259 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-3259?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Webkitgtk Webkitgtk, Apple Safari, Apple Iphone Os, Canonical Ubuntu Linux.