From: Ware, Ryan R <ryan.r.ware-ral2JQCrhuEAvxtiuMwx3w <at> public.gmane.org>
Subject: [MeeGo-SA-10:37.webkit] Multiple Vulnerabilities in Webkit Applications
Newsgroups: gmane.comp.handhelds.meego.security.announce
Date: Thursday 20th January 2011 23:40:26 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
MeeGo-SA-10:37.webkit                                       Security Advisory
                                                                MeeGo Project

Topic:          Multiple Vulnerabilities in Webkit Applications

Category:       Graphics
Module:         chrome, chromium, webkit & qt
Announced:      October 9, 2010
Affects:        MeeGo 1.0
Corrected:      October 9, 2010
MeeGo BID:      5797, 5801, 5811, 5892, 5893, 5898, 6124, 6126, 6128,
6130, 6132, 6134, 6143, 6145, 6148, 6150, 6172, 6246, 6249, 6253,
6255, 6256, 6258, 6260, 6261, 6265, 6266, 6268, 6323, 6479, 6487,
6495, 6658, 6953, 7687 & 7692
CVE:            CVE-2010-1780, CVE-2010-1782, CVE-2010-1783,
CVE-2010-1386, CVE-2010-1760, CVE-2010-3111, CVE-2010-3112,
CVE-2010-3113, CVE-2010-3114, CVE-2010-3115, CVE-2010-3116,
CVE-2010-3117, CVE-2010-3118, CVE-2010-3119, CVE-2010-3120,
CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787,
CVE-2010-1788, CVE-2010-1781, CVE-2010-1790, CVE-2010-1791,
CVE-2010-1792, CVE-2010-1793, CVE-2010-1789, CVE-2010-1391,
CVE-2010-1408, CVE-2010-1416, CVE-2010-1418, CVE-2010-1421,
CVE-2010-0544, CVE-2010-1762, CVE-2010-1764, CVE-2010-1407,
CVE-2010-1766, CVE-2010-1422, CVE-2010-1394, CVE-2010-2621,
CVE-2010-3246, CVE-2010-3247, CVE-2010-3248, CVE-2010-3249,
CVE-2010-3250, CVE-2010-3251, CVE-2010-3252, CVE-2010-3253,
CVE-2010-3254, CVE-2010-3255, CVE-2010-3256, CVE-2010-3257,
CVE-2010-3258, CVE-2010-3259, CVE-2010-2652, CVE-2010-2296,
CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-3411,
CVE-2010-3412, CVE-2010-3413, CVE-2010-3414, CVE-2010-3415,
CVE-2010-3416, CVE-2010-3417, CVE-2010-1773 & CVE-2010-1767

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <http://www.MeeGo.com/>.

I.   Background

QtWebKit provides a Web browser engine that makes it easy to embed content
from the World Wide Web into your Qt application.  It is used by numerous
MeeGo applications.

NOTE: A number of the following CVEs reference WebKit issues in Apple
Safari.  These CVEs are included here because, although they were filed
by Apple, they affect WebKit in general and therefore also had to be
fixed in MeeGo.

II.  Problem Description

CVE-2010-1780: Use-after-free vulnerability in WebKit in Apple Safari
before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before
4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via vectors
related to element focus.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1782: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5
through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via vectors related
to the rendering of an inline element.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1783: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5
through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not
properly handle dynamic modification of a text node, which allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted HTML
document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1386: page/Geolocation.cpp in WebCore in WebKit before r56188
and before 1.2.5 does not properly restrict access to the lastPosition
function, which has unspecified impact and remote attack vectors, aka
rdar problem 7746357.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-1760: loader/DocumentThreadableLoader.cpp in the
XMLHttpRequest implementation in WebCore in WebKit before r58409 does
not properly handle credentials during a cross-origin synchronous
request, which has unspecified impact and remote attack vectors, aka
rdar problem 7905150.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3111: Google Chrome before 6.0.472.53 does not properly
mitigate an unspecified flaw in the Windows kernel, which has unknown
impact and attack vectors, a different vulnerability than
CVE-2010-2897.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3112: Google Chrome before 5.0.375.127 does not properly
implement file dialogs, which allows attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact
via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3113: Google Chrome before 5.0.375.127 does not properly
handle SVG documents, which allows remote attackers to cause a denial
of service (memory corruption) or possibly have unspecified other
impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3114: The text-editing implementation in Google Chrome before
5.0.375.127 does not properly perform casts, which has unspecified
impact and attack vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3115: Google Chrome before 5.0.375.127 does not properly
implement the history feature, which might allow remote attackers to
spoof the address bar via unspecified vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3116: Multiple use-after-free vulnerabilities in WebKit, as
used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google
Chrome before 5.0.375.127, allow remote attackers to execute arbitrary
code or cause a denial of service (application crash) via vectors
related to improper handling of MIME types by plug-ins.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3117: Google Chrome before 5.0.375.127 does not properly
implement the notifications feature, which allows remote attackers to
cause a denial of service (application crash) and possibly have
unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3118: The autosuggest feature in the Omnibox implementation
in Google Chrome before 5.0.375.127 does not anticipate entry of
passwords, which might allow remote attackers to obtain sensitive
information by reading the network traffic generated by this feature.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3119: Google Chrome before 5.0.375.127 does not properly
support the Ruby language, which allows attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact
via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3120: Google Chrome before 5.0.375.127 does not properly
implement the Geolocation feature, which allows remote attackers to
cause a denial of service (memory corruption) or possibly have
unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-1784: The counters functionality in the Cascading Style
Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on
Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X
10.4, allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted HTML document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1785: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5
through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, accesses
uninitialized memory during processing of the (1) :first-letter and
(2) :first-line pseudo-elements in an SVG text element, which allows
remote attackers to execute arbitrary code or cause a denial of
service (application crash) via a crafted document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1786: Use-after-free vulnerability in WebKit in Apple Safari
before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before
4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via a
foreignObject element in an SVG document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1787: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5
through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a floating
element in an SVG document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1788: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5
through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a use element in
an SVG document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1781: Double free vulnerability in WebKit in Apple iOS before
4.1 on the iPhone and iPod touch allows remote attackers to execute
arbitrary code or cause a denial of service (application crash) via
vectors related to the rendering of an inline element.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1790: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5
through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not
properly handle just-in-time (JIT) compiled JavaScript stubs, which
allows remote attackers to execute arbitrary code or cause a denial of
service (application crash) via a crafted HTML document, related to a
"reentrancy issue."
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1791: Integer signedness error in WebKit in Apple Safari
before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before
4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via vectors
involving a JavaScript array index.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1792: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5
through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted
regular expression.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1793: Multiple use-after-free vulnerabilities in WebKit in
Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows,
and before 4.1.1 on Mac OS X 10.4, allow remote attackers to execute
arbitrary code or cause a denial of service (application crash) via a
(1) font-face or (2) use element in an SVG document.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1789: Heap-based buffer overflow in WebKit in Apple Safari
before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before
4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via a JavaScript
string object.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1391: Multiple directory traversal vulnerabilities in the (a)
Local Storage and (b) Web SQL database implementations in WebKit in
Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and
before 4.1 on Mac OS X 10.4, allow remote attackers to create
arbitrary database files via vectors involving a (1) %2f and .. (dot
dot) or (2) %5c and .. (dot dot) in a URL.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1408: WebKit in Apple Safari before 5.0 on Mac OS X 10.5
through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows
remote attackers to bypass intended restrictions on outbound
connections to "non-default TCP ports" via a crafted port number,
related to an "integer truncation issue." NOTE: this may overlap
CVE-2010-1099.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1416: WebKit in Apple Safari before 5.0 on Mac OS X 10.5
through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not
properly restrict the reading of a canvas that contains an SVG image
pattern from a different web site, which allows remote attackers to
read images from other sites via a crafted canvas, related to a
"cross-site image capture issue."
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1418: Cross-site scripting (XSS) vulnerability in WebKit in
Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and
before 4.1 on Mac OS X 10.4, allows remote attackers to inject
arbitrary web script or HTML via a FRAME element with a SRC attribute
composed of a javascript: sequence preceded by spaces.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
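
The three entries above (CVE-2010-1391, CVE-2010-1408 and CVE-2010-1418) share a pattern: a security check evaluated on a URL component before that component is normalized the way the engine will later use it. The following added example, which is not code from this advisory, WebKit, Qt or Chromium, shows an illustrative flawed check beside a hardened one for each class; the flawed variants are constructed patterns modelled on the descriptions, not the actual WebKit code, and all function names are hypothetical.

```cpp
// Added example, not code from the advisory, WebKit, Qt or Chromium: three
// defensive checks modelled on issue classes the advisory describes
// (CVE-2010-1408, CVE-2010-1418, CVE-2010-1391). The "flawed" variants are
// illustrative patterns, not the actual WebKit code. All names hypothetical.
#include <cctype>
#include <cstdint>
#include <cstdlib>
#include <string>

// --- CVE-2010-1408 class: integer truncation of a port number -------------
// A port parsed into a wide integer and then stored in a 16-bit field wraps
// silently (65616 -> 80), so a restriction on "non-default TCP ports" that
// is evaluated before the store can be bypassed by a crafted port number.
uint16_t parsePortTruncating(const std::string& text) {
    unsigned long wide = std::strtoul(text.c_str(), nullptr, 10);
    return static_cast<uint16_t>(wide);  // silent truncation modulo 65536
}

// Hardened: decimal digits only, range 1..65535; -1 means "reject the URL".
int parsePortChecked(const std::string& text) {
    if (text.empty() || text.size() > 5) return -1;
    unsigned long value = 0;
    for (char c : text) {
        if (!std::isdigit(static_cast<unsigned char>(c))) return -1;
        value = value * 10 + static_cast<unsigned long>(c - '0');
    }
    if (value == 0 || value > 65535) return -1;
    return static_cast<int>(value);
}

// --- CVE-2010-1418 class: scheme check before URL normalization -----------
// A policy check that compares the raw attribute value against "javascript:"
// misses "  javascript:..." because the URL parser later strips leading
// spaces (and ASCII tab/newline anywhere). Flawed: raw-prefix comparison.
bool isJavaScriptUrlNaive(const std::string& url) {
    return url.compare(0, 11, "javascript:") == 0;
}

// Hardened: normalize the way the parser will, then compare case-insensitively.
bool isJavaScriptUrl(const std::string& url) {
    std::string norm;
    for (char c : url) {
        if (c == '\t' || c == '\n' || c == '\r') continue;  // parser drops these
        norm.push_back(c);
    }
    size_t i = 0;
    while (i < norm.size() && static_cast<unsigned char>(norm[i]) <= 0x20) ++i;
    const std::string scheme = "javascript:";
    if (norm.size() - i < scheme.size()) return false;
    for (size_t k = 0; k < scheme.size(); ++k) {
        int c = std::tolower(static_cast<unsigned char>(norm[i + k]));
        if (c != scheme[k]) return false;
    }
    return true;
}

// --- CVE-2010-1391 class: traversal check before percent-decoding ---------
// Storage file names derived from URL components must be checked after
// decoding: "%2f.." and "%5c.." pass a literal "/" or "\" check and decode
// to "/.." or "\..". Decode once, then reject separators and dot segments.
std::string percentDecode(const std::string& in) {
    std::string out;
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size()
            && std::isxdigit(static_cast<unsigned char>(in[i + 1]))
            && std::isxdigit(static_cast<unsigned char>(in[i + 2]))) {
            out.push_back(static_cast<char>(
                std::strtoul(in.substr(i + 1, 2).c_str(), nullptr, 16)));
            i += 2;
        } else {
            out.push_back(in[i]);
        }
    }
    return out;
}

bool isSafeStorageName(const std::string& rawComponent) {
    std::string decoded = percentDecode(rawComponent);
    if (decoded.empty() || decoded == "." || decoded == "..") return false;
    // Any separator or NUL means the name could escape the storage directory.
    return decoded.find_first_of(std::string("/\\\0", 3)) == std::string::npos;
}
```

The common fix in all three cases is to run the check on the same representation the consumer will use (decoded, normalized, range-checked), never on the raw input.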

CVE-2010-1421: The execCommand JavaScript function in WebKit in Apple
Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and
before 4.1 on Mac OS X 10.4, does not properly restrict remote
execution of clipboard commands, which allows remote attackers to
modify the clipboard via a crafted HTML document.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-0544: Cross-site scripting (XSS) vulnerability in WebKit in
Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and
before 4.1 on Mac OS X 10.4, allows remote attackers to inject
arbitrary web script or HTML via vectors related to a malformed URL.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1762: Cross-site scripting (XSS) vulnerability in WebKit in
Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and
before 4.1 on Mac OS X 10.4, allows remote attackers to inject
arbitrary web script or HTML via vectors involving HTML in a TEXTAREA
element.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1764: WebKit in Apple Safari before 5.0 on Mac OS X 10.5
through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows
multiple redirections during form submission, which allows remote web
servers to obtain sensitive information by recording the form data.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1407: WebKit in Apple iOS before 4 on the iPhone and iPod
touch does not properly implement the history.replaceState method in
certain situations involving IFRAME elements, which allows remote
attackers to obtain sensitive information via a crafted HTML document.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1766: Off-by-one error in the
WebSocketHandshake::readServerHandshake function in
websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380,
as used in Qt and other products, allows remote websockets servers to
cause a denial of service (memory corruption) or possibly have
unspecified other impact via an upgrade header that is long and
invalid.
CVSS v2 Base: 7.5 (HIGH)
Access Vector: Network exploitable

CVE-2010-1422: WebKit in Apple Safari before 5.0 on Mac OS X 10.5
through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not
properly handle changes to keyboard focus that occur during processing
of key press events, which allows remote attackers to force arbitrary
key presses via a crafted HTML document.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1394: Cross-site scripting (XSS) vulnerability in WebKit in
Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and
before 4.1 on Mac OS X 10.4, allows remote attackers to inject
arbitrary web script or HTML via vectors involving HTML document
fragments.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-2621: The QSslSocketBackendPrivate::transmit function in
src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows
remote attackers to cause a denial of service (infinite loop) via a
malformed request.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3246: Google Chrome before 6.0.472.53 does not properly
handle the _blank value for the target attribute of unspecified
elements, which allows remote attackers to bypass the pop-up blocker
via unknown vectors.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-3247: Google Chrome before 6.0.472.53 does not properly
restrict the characters in URLs, which allows remote attackers to
spoof the appearance of the URL bar via homographic sequences.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-3248: Google Chrome before 6.0.472.53 does not properly
restrict copying to the clipboard, which has unspecified impact and
attack vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3249: Google Chrome before 6.0.472.53 does not properly
implement SVG filters, which allows remote attackers to cause a denial
of service or possibly have unspecified other impact via unknown
vectors, related to a "stale pointer" issue.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-3250: Unspecified vulnerability in Google Chrome before
6.0.472.53 allows remote attackers to enumerate the set of installed
extensions via unknown vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3251: The WebSockets implementation in Google Chrome before
6.0.472.53 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via unspecified vectors.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3252: Use-after-free vulnerability in the Notifications
presenter in Google Chrome before 6.0.472.53 allows attackers to cause
a denial of service or possibly have unspecified other impact via
unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3253: The implementation of notification permissions in
Google Chrome before 6.0.472.53 allows attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact
via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3254: The WebSockets implementation in Google Chrome before
6.0.472.53 does not properly handle integer values, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3255: Google Chrome before 6.0.472.53 does not properly
handle counter nodes, which allows remote attackers to cause a denial
of service (memory corruption) or possibly have unspecified other
impact via unknown vectors.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-3256: Google Chrome before 6.0.472.53 does not properly limit
the number of stored autocomplete entries, which has unspecified
impact and attack vectors.
CVSS v2 Base: 2.6 (LOW)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-3257: Use-after-free vulnerability in WebKit, as used in
Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome
before 6.0.472.53, allows remote attackers to execute arbitrary code
or cause a denial of service (application crash) via vectors involving
element focus.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-3258: The sandbox implementation in Google Chrome before
6.0.472.53 does not properly deserialize parameters, which has
unspecified impact and remote attack vectors.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-3259: WebKit, as used in Apple Safari before 4.1.3 and 5.0.x
before 5.0.3 and Google Chrome before 6.0.472.53, does not properly
restrict read access to images derived from CANVAS elements, which
allows remote attackers to bypass the Same Origin Policy and obtain
potentially sensitive image data via a crafted web site.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-2652: Google Chrome before 5.0.375.99 does not properly
implement modal dialogs, which allows attackers to cause a denial of
service (application crash) via unspecified vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-2296: The implementation of unspecified DOM methods in Google
Chrome before 5.0.375.70 allows remote attackers to bypass the Same
Origin Policy via unknown vectors.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1823: Use-after-free vulnerability in WebKit before r65958,
as used in Google Chrome before 6.0.472.59, allows remote attackers to
cause a denial of service or possibly have unspecified other impact
via vectors that trigger use of document APIs such as document.close
during parsing, as demonstrated by a Cascading Style Sheets (CSS) file
referencing an invalid SVG font, aka rdar problem 8442098.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1824: Use-after-free vulnerability in WebKit, as used in Google
Chrome before 6.0.472.59, allows remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors related
to SVG styles.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1825: Use-after-free vulnerability in WebKit, as used in
Google Chrome before 6.0.472.59, allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
vectors related to nested SVG elements.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-3411: Google Chrome before 6.0.472.59 on Linux does not
properly handle cursors, which might allow attackers to cause a denial
of service (assertion failure) via unspecified vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3412: Race condition in the console implementation in Google
Chrome before 6.0.472.59 has unspecified impact and attack vectors.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable

CVE-2010-3413: Unspecified vulnerability in the pop-up blocking
functionality in Google Chrome before 6.0.472.59 allows remote
attackers to cause a denial of service (application crash) via unknown
vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-3414: Google Chrome before 6.0.472.59 on Mac OS X does not
properly implement file dialogs, which allows attackers to cause a
denial of service (memory corruption) or possibly have unspecified
other impact via unknown vectors. NOTE: this issue exists because of
an incorrect fix for CVE-2010-3112 on Mac OS X.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3415: Google Chrome before 6.0.472.59 does not properly
implement Geolocation, which allows remote attackers to cause a denial
of service (memory corruption) or possibly have unspecified other
impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3416: Google Chrome before 6.0.472.59 on Linux does not
properly implement the Khmer locale, which allows remote attackers to
cause a denial of service (memory corruption) or possibly have
unspecified other impact via unknown vectors.
CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-3417: Google Chrome before 6.0.472.59 does not prompt the
user before granting access to the extension history, which allows
attackers to obtain potentially sensitive information via unspecified
vectors.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-1773: Off-by-one error in the toAlphabetic function in
rendering/RenderListMarker.cpp in WebCore in WebKit before r39508, as
used in Google Chrome before 5.0.375.70, allows remote attackers to
obtain sensitive information, cause a denial of service (memory
corruption and application crash), or possibly execute arbitrary code
via vectors related to list markers for HTML lists, aka rdar problem
8009118.
CVSS v2 Base: 9.3 (HIGH)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

CVE-2010-1767: Cross-site request forgery (CSRF) vulnerability in
loader/DocumentThreadableLoader.cpp in WebCore in WebKit before
r57041, as used in Google Chrome before 4.1.249.1059, allows remote
attackers to hijack the authentication of unspecified victims via a
crafted synchronous preflight XMLHttpRequest operation.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

III. Impact

CVE-2010-1780: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-1782: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-1783: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-1386: Unauthorized disclosure of information, modification
or disruption of service due to permission, privilege or access
control error (CWE-264)

CVE-2010-1760: Unauthorized disclosure of information, modification
or disruption of service due to credentials management error (CWE-255)

CVE-2010-3111: Unauthorized disclosure of information, modification
or disruption of service

CVE-2010-3112: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-3113: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-3114: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-3115: Unauthorized disclosure of information, modification
or disruption of service due to design error

CVE-2010-3116: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-3117: Unauthorized disclosure of information, modification
or disruption of service

CVE-2010-3118: Unauthorized disclosure of information (CWE-200)

CVE-2010-3119: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-3120: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-1784: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-1785: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-1786: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-1787: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-1788: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-1781: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-1790: Unauthorized disclosure of information, modification
or disruption of service

CVE-2010-1791: Unauthorized disclosure of information, modification
or disruption of service due to numeric error (CWE-189)

CVE-2010-1792: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-1793: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-1789: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-1391: Unauthorized modification due to path traversal
(CWE-22)

CVE-2010-1408: Unauthorized modification due to permission, privilege
or access control error (CWE-264) and numeric error (CWE-189)

CVE-2010-1416: Unauthorized disclosure of information due to
permission, privilege or access control error (CWE-264)

CVE-2010-1418: Unauthorized modification due to cross-site scripting
error (CWE-79)

CVE-2010-1421: Unauthorized modification due to design error

CVE-2010-0544: Unauthorized modification due to cross-site scripting
error (CWE-79)

CVE-2010-1762: Unauthorized modification due to cross-site scripting
error (CWE-79)

CVE-2010-1764: Unauthorized disclosure of information due to design
error

CVE-2010-1407: Unauthorized disclosure of information (CWE-200)

CVE-2010-1766: Unauthorized disclosure of information, modification
or disruption of service due to numeric error (CWE-189)

CVE-2010-1422: Unauthorized modification

CVE-2010-1394: Unauthorized modification due to cross-site scripting
error (CWE-79)

CVE-2010-2621: Disruption of service due to input validation error
(CWE-20)

CVE-2010-3246: Unauthorized modification due to input validation error
(CWE-20)

CVE-2010-3247: Unauthorized modification due to input validation error
(CWE-20)

CVE-2010-3248: Unauthorized disclosure of information due to
permission, privilege or access control error (CWE-264)

CVE-2010-3249: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-3250: Unauthorized disclosure of information

CVE-2010-3251: Disruption of service due to resource management error
(CWE-399)

CVE-2010-3252: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-3253: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-3254: Unauthorized disclosure of information, modification
or disruption of service due to numeric error (CWE-189)

CVE-2010-3255: Unauthorized disclosure of information, modification
or disruption of service due to input validation error (CWE-20)

CVE-2010-3256: Disruption of service due to resource management error
(CWE-399)

CVE-2010-3257: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-3258: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-3259: Unauthorized disclosure of information due to
permission, privilege or access control error (CWE-264)

CVE-2010-2652: Disruption of service due to design error

CVE-2010-2296: Unauthorized disclosure of information, modification
or disruption of service due to permission, privilege or access
control error (CWE-264)

CVE-2010-1823: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-1824: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-1825: Unauthorized disclosure of information, modification
or disruption of service due to resource management error (CWE-399)

CVE-2010-3411: Disruption of service due to input validation error
(CWE-20)

CVE-2010-3412: Unauthorized disclosure of information, modification
or disruption of service due to race condition (CWE-362)

CVE-2010-3413: Disruption of service

CVE-2010-3414: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-3415: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-3416: Unauthorized disclosure of information, modification
or disruption of service due to buffer error (CWE-119)

CVE-2010-3417: Unauthorized disclosure of information (CWE-200)

CVE-2010-1773: Unauthorized disclosure of information, modification
or disruption of service due to numeric error (CWE-189)

CVE-2010-1767: Unauthorized access with partial violation of
confidentiality, integrity or availability (unauthorized disclosure of
information or disruption of service) due to cross-site request forgery
(CWE-352)

IV.  Workaround

None

V.   Solution

Update to package qt-4.6.2-5.1, chromium-7.0.542.0-10.1 and
google-chrome-5.0.375.70-4.1 or later.
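
Checking that a MeeGo 1.0 image actually carries these fixes means comparing the installed RPM name-version-release against the fixed versions above with RPM's segment-wise ordering rather than a plain string compare (release 10.1 is newer than 9.9, for instance). The Python below is an added example, not part of the advisory: it reimplements rpmvercmp (tilde handling omitted, epoch assumed to be 0) and runs constructed `rpm -q` output against the three fixed packages.

```python
import re

# Fixed package versions from section V of the advisory (name-version-release).
FIXED = ["qt-4.6.2-5.1", "chromium-7.0.542.0-10.1", "google-chrome-5.0.375.70-4.1"]

# Constructed sample of `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' ...`
# output; not taken from a real MeeGo image.
SAMPLE_RPM_Q = "qt-4.6.2-4.3\nchromium-7.0.542.0-10.1\ngoogle-chrome-5.0.375.70-3.2\n"


def rpmvercmp(a, b):
    """Compare two version (or release) strings like rpm's rpmvercmp().
    Returns -1, 0 or 1. Strings are split into runs of digits and letters;
    digit runs compare numerically, letter runs lexically, and a digit run
    always outranks a letter run. Tilde ("~") handling is omitted here."""
    if a == b:
        return 0
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_nvr(nvr):
    """'google-chrome-5.0.375.70-4.1' -> ('google-chrome', '5.0.375.70', '4.1').
    Epoch is assumed to be 0 for every package here (an assumption)."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def compare_nvr(installed, fixed):
    """-1 if installed is older than fixed, 0 if equal, 1 if newer."""
    n1, v1, r1 = split_nvr(installed)
    n2, v2, r2 = split_nvr(fixed)
    if n1 != n2:
        raise ValueError("package names differ: %s vs %s" % (n1, n2))
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def unpatched(rpm_q_output, fixed=FIXED):
    """Return the fixed NVRs whose installed counterpart is still older.
    Packages that are not installed at all are not reported."""
    installed = {split_nvr(line)[0]: line for line in rpm_q_output.split()}
    return [f for f in fixed if split_nvr(f)[0] in installed
            and compare_nvr(installed[split_nvr(f)[0]], f) < 0]


if __name__ == "__main__":
    print("still below fixed version:", unpatched(SAMPLE_RPM_Q))
```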

VI.  References

http://bugs.meego.com/show_bug.cgi?id=5797
http://bugs.meego.com/show_bug.cgi?id=5801
http://bugs.meego.com/show_bug.cgi?id=5811
http://bugs.meego.com/show_bug.cgi?id=5892
http://bugs.meego.com/show_bug.cgi?id=5893
http://bugs.meego.com/show_bug.cgi?id=5898
http://bugs.meego.com/show_bug.cgi?id=6124
http://bugs.meego.com/show_bug.cgi?id=6126
http://bugs.meego.com/show_bug.cgi?id=6128
http://bugs.meego.com/show_bug.cgi?id=6130
http://bugs.meego.com/show_bug.cgi?id=6132
http://bugs.meego.com/show_bug.cgi?id=6134
http://bugs.meego.com/show_bug.cgi?id=6143
http://bugs.meego.com/show_bug.cgi?id=6145
http://bugs.meego.com/show_bug.cgi?id=6148
http://bugs.meego.com/show_bug.cgi?id=6150
http://bugs.meego.com/show_bug.cgi?id=6172
http://bugs.meego.com/show_bug.cgi?id=6246
http://bugs.meego.com/show_bug.cgi?id=6249
http://bugs.meego.com/show_bug.cgi?id=6253
http://bugs.meego.com/show_bug.cgi?id=6255
http://bugs.meego.com/show_bug.cgi?id=6256
http://bugs.meego.com/show_bug.cgi?id=6258
http://bugs.meego.com/show_bug.cgi?id=6260
http://bugs.meego.com/show_bug.cgi?id=6261
http://bugs.meego.com/show_bug.cgi?id=6265
http://bugs.meego.com/show_bug.cgi?id=6266
http://bugs.meego.com/show_bug.cgi?id=6268
http://bugs.meego.com/show_bug.cgi?id=6323
http://bugs.meego.com/show_bug.cgi?id=6479
http://bugs.meego.com/show_bug.cgi?id=6487
http://bugs.meego.com/show_bug.cgi?id=6495
http://bugs.meego.com/show_bug.cgi?id=6658
http://bugs.meego.com/show_bug.cgi?id=6953
http://bugs.meego.com/show_bug.cgi?id=7687
http://bugs.meego.com/show_bug.cgi?id=7692
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1780
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1782
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1783
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1386
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1760
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3111
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3112
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3113
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3114
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3115
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3116
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3117
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3118
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3119
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3120
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1784
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1785
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1786
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1787
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1788
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1781
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1790
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1791
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1792
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1793
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1789
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1391
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1408
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1416
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1418
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1421
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0544
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1762
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1764
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1407
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1766
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1422
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1394
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2621
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3246
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3247
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3248
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3249
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3250
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3251
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3252
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3253
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3254
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3255
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3256
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3257
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3258
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3259
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2652
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2296
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1823
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1824
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1825
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3411
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3412
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3413
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3414
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3415
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3416
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3417
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1773
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1767
http://cwe.mitre.org/data/definitions/189.html
http://cwe.mitre.org/data/definitions/399.html
http://cwe.mitre.org/data/definitions/119.html
http://cwe.mitre.org/data/definitions/20.html
http://cwe.mitre.org/data/definitions/264.html
http://cwe.mitre.org/data/definitions/255.html
http://cwe.mitre.org/data/definitions/200.html
http://cwe.mitre.org/data/definitions/22.html
http://cwe.mitre.org/data/definitions/79.html
http://cwe.mitre.org/data/definitions/362.html