Vulnerability Name: CVE-2010-3259 (CCN-61572) Assigned: 2010-09-02 Published: 2010-09-02 Updated: 2020-08-04 Summary: WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N 3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
3.7 Low (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P 2.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): HighAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-200 Vulnerability Consequences: Bypass Security References: Source: CONFIRMhttp://code.google.com/p/chromium/issues/detail?id=53001 CVE-2010-3259 http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html APPLE-SA-2010-11-18-1 APPLE-SA-2010-11-22-1 SUSE-SR:2011:002 Moderate: webkitgtk security update Google Chrome Multiple Vulnerabilities 41856 Apple iOS Multiple Vulnerabilities 42314 43068 43086 About the security content of Safari 5.0.3 and Safari 4.1.3 http://support.apple.com/kb/HT4455 About the security content of iOS 4.2 http://support.apple.com/kb/HT4456 Stable and Beta Channel Updates MDVSA-2011:039 Google Chrome Image Read Access Restriction Same Origin Policy Bypass Remote Information Disclosure RHSA-2011:0177 Google Chrome prior to 6.0.472.53 Multiple Security Vulnerabilities 44206 WebKit Images Cross Domain Information Disclosure Vulnerability USN-1006-1 ADV-2010-2722 ADV-2010-3046 ADV-2011-0212 ADV-2011-0216 ADV-2011-0552 google-chrome-images-security-bypass(61572) oval:org.mitre.oval:def:11221 https://technet.microsoft.com/library/security/msvr11-002 SUSE Security Summary Report Vulnerable Configuration: Configuration 1 :cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version < 6.0.472.53)Configuration 2 :cpe:/a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* (Version < 1.2.6)Configuration 3 :cpe:/a:apple:safari:*:*:*:*:*:*:*:* (Version < 4.1.3)OR cpe:/a:apple:safari:*:*:*:*:*:*:*:* (Version >= 5.0 and < 5.0.3) OR cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 4.2) Configuration 4 :cpe:/o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* OR cpe:/o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:* Configuration CCN 1 :cpe:/o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:* OR cpe:/a:apple:safari:4.0:*:*:*:*:*:*:* OR cpe:/a:apple:safari:4.0.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.0:*:*:*:*:*:*:* OR cpe:/a:apple:safari:4.0.2:*:*:*:*:*:*:* OR cpe:/a:apple:safari:4.0.3:*:*:*:*:*:*:* OR cpe:/a:apple:safari:4.0.4:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1.2:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1.3:*:*:*:*:*:*:* OR cpe:/a:google:chrome:4.0.249.78:*:*:*:*:*:*:* OR cpe:/a:google:chrome:4.0.249.89:*:*:*:*:*:*:* OR cpe:/a:apple:safari:4.0.5:*:*:*:*:*:*:* OR cpe:/a:google:chrome:4.1.249.1042:*:*:*:*:*:*:* OR cpe:/a:google:chrome:4.1.249.1036:*:*:*:*:*:*:* OR cpe:/a:google:chrome:4.1.249.1045:*:*:*:*:*:*:* OR cpe:/a:google:chrome:4.1.249.1059:*:*:*:*:*:*:* OR cpe:/a:google:chrome:4.1.249.1064:*:*:*:*:*:*:* OR cpe:/a:apple:safari:4.1:*:*:*:*:*:*:* OR cpe:/a:apple:safari:5.0:*:*:*:*:*:*:* OR cpe:/a:google:chrome:5.0.375.55:*:*:*:*:*:*:* OR cpe:/o:apple:ios:4.0:*:*:*:*:*:*:* OR cpe:/o:apple:ios:4.0.1:*:*:*:*:*:*:* OR cpe:/a:apple:safari:5.0.1:*:*:*:*:*:*:* OR cpe:/a:apple:safari:5.0.2:*:*:*:*:*:*:* OR cpe:/o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.0:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1.2:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:ios:4.0.1:-:ipodtouch:*:*:*:*:* OR cpe:/o:apple:ios:4.0:-:ipodtouch:*:*:*:*:* AND cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:* OR cpe:/h:apple:ipad:*:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:* Oval Definitions BACK
google chrome *
webkitgtk webkitgtk *
apple safari *
apple safari *
apple iphone os *
canonical ubuntu linux 9.10
canonical ubuntu linux 10.04
canonical ubuntu linux 10.10
apple iphone os 2.0.0 -
apple iphone os 2.0.1
apple iphone os 2.0.1 -
apple iphone os 2.0.2
apple iphone os 2.0.2 -
apple safari 4.0
apple safari 4.0.1
apple iphone os 2.1
apple iphone os 2.0
apple iphone os 3.0
apple safari 4.0.2
apple safari 4.0.3
apple safari 4.0.4
apple iphone os 3.1
apple iphone os 3.1.2
apple iphone os 3.1.3
google chrome 4.0.249.78
google chrome 4.0.249.89
apple safari 4.0.5
google chrome 4.1.249.1042
google chrome 4.1.249.1036
google chrome 4.1.249.1045
google chrome 4.1.249.1059
google chrome 4.1.249.1064
apple safari 4.1
apple safari 5.0
google chrome 5.0.375.55
apple iphone os 4.0
apple iphone os 4.0.1
apple safari 5.0.1
apple safari 5.0.2
apple iphone os 2.1 -
apple iphone os 3.0 -
apple iphone os 3.1.2 -
apple iphone os 3.1 -
apple iphone os 4.0.1 -
apple iphone os 4.0 -
apple mac os x 10.4.11
apple mac os x server 10.4.11
apple mac os x 10.5.8
apple mac os x server 10.5.8
apple ipad *
apple mac os x server 10.6.4
apple mac os x 10.6.4
redhat enterprise linux 6
redhat enterprise linux 6
redhat enterprise linux desktop 6
redhat enterprise linux hpc node 6
Denotes that component is vulnerable