CVE-2010-3259

NameCVE-2010-3259
DescriptionWebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)jessie, jessie (lts)57.0.2987.98-1~deb8u1fixed
stretch (security), stretch (lts), stretch71.0.3578.80-1~deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)6.0.472.53~r57914-1
webkitsource(unstable)1.2.5-1

Notes

[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
https://bugs.webkit.org/show_bug.cgi?id=44399
http://trac.webkit.org/changeset/65826
Search for package or bug name: Reporting problems