CVE-2010-3116

WebKit <4.1.3-5.0.3 - Use After Free

Title source: llm

Description

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

References (22)

[Permissions Required] http://code.google.com/p/chromium/issues/detail?id=50515

[Permissions Required] http://code.google.com/p/chromium/issues/detail?id=51835

[Vendor Advisory] http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

[Third Party Advisory] http://secunia.com/advisories/41856

[Third Party Advisory] http://secunia.com/advisories/42314

[Third Party Advisory] http://secunia.com/advisories/43068

[Third Party Advisory] http://secunia.com/advisories/43086

[Third Party Advisory] http://support.apple.com/kb/HT4455

[Third Party Advisory] http://support.apple.com/kb/HT4456

[Third Party Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

[Third Party Advisory] http://www.redhat.com/support/errata/RHSA-2011-0177.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/44200

[Third Party Advisory] http://www.ubuntu.com/usn/USN-1006-1

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/2722

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/3046

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0212

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0216

... and 2 more

Scores

EPSS 0.1045

EPSS Percentile 93.1%

Classification

CWE

CWE-416

Status draft

Affected Products (7)

google/chrome < 5.0.375.127

apple/safari < 4.1.3

apple/iphone_os < 4.2

webkitgtk/webkitgtk < 1.2.6

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

Timeline

Published Aug 24, 2010

Tracked Since Feb 18, 2026