CVE-2010-3257

WebKit <4.1.3-5.0.3 - Use After Free

Title source: llm

Description

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

References (21)

[Vendor Advisory] http://code.google.com/p/chromium/issues/detail?id=52443

[Vendor Advisory] http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html

[Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

[Third Party Advisory] http://secunia.com/advisories/41856

[Third Party Advisory] http://secunia.com/advisories/42314

[Third Party Advisory] http://secunia.com/advisories/43068

[Third Party Advisory] http://secunia.com/advisories/43086

[Third Party Advisory] http://support.apple.com/kb/HT4455

[Third Party Advisory] http://support.apple.com/kb/HT4456

[Third Party Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

[Third Party Advisory] http://www.redhat.com/support/errata/RHSA-2011-0177.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/44204

[Third Party Advisory] http://www.ubuntu.com/usn/USN-1006-1

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/2722

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/3046

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0212

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0216

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0552

... and 1 more

Scores

EPSS 0.1034

EPSS Percentile 93.1%

Classification

CWE

CWE-416

Status draft

Affected Products (7)

google/chrome < 6.0.472.53

webkitgtk/webkitgtk < 1.2.6

apple/safari < 4.1.3

apple/iphone_os < 4.2

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

Timeline

Published Sep 07, 2010

Tracked Since Feb 18, 2026