WebKit 'history.replaceState' Cross-Origin Information Disclosure Vulnerability

Bugtraq ID: 41051
Class: Origin Validation Error
CVE: CVE-2010-1407
Remote: Yes
Local: No
Published: Jun 22 2010 12:00AM
Updated: Mar 02 2011 03:58PM
Credit: Darin Fisher of Google Inc.
Vulnerable: WebKit Open Source Project WebKit 1.2.3
WebKit Open Source Project WebKit 1.2.2
WebKit Open Source Project WebKit 1.2.2-1
WebKit Open Source Project WebKit 0
Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 amd64
SuSE openSUSE 11.3
MandrakeSoft Linux Mandrake 2010.1 x86_64
MandrakeSoft Linux Mandrake 2010.1
Apple iPod Touch 3.1.3
Apple iPod Touch 3.1.2
Apple iPod Touch 3.1.1
Apple iPod Touch 2.2.1
Apple iPod Touch 2.0.2
Apple iPod Touch 2.0.1
Apple iPod Touch 3.0
Apple iPod Touch 2.2
Apple iPod Touch 2.1
Apple iPod Touch 2.0
Apple iPhone 3.1.3
Apple iPhone 3.1.2
Apple iPhone 3.0.1
Apple iPhone 2.2.1
Apple iPhone 2.0.2
Apple iPhone 2.0.1
Apple iPhone 3.1
Apple iPhone 3.0
Apple iPhone 2.2
Apple iPhone 2.1
Apple iPhone 2.0
Apple iPad 3.2.1
Apple iPad 3.2.2
Apple iPad 3.2
Apple iPad 0
Apple iPad 0
Apple iOS 4.0.2
Apple iOS 4.0.1
Apple iOS 3.2.2
Apple iOS 3.2.1
Apple iOS 4.2 beta
Apple iOS 4.1
Apple iOS 4
Apple iOS 3.2
Not Vulnerable: WebKit Open Source Project WebKit 1.2.5
Apple iOS 4.2
Apple iOS 4


 

Privacy Statement
Copyright 2010, SecurityFocus