CVE-2010-1236

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=37383	Exploit
http://codereview.chromium.org/858001
http://flock.com/security/
http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068	Vendor Advisory
http://src.chromium.org/viewvc/chrome?view=rev&revision=41244
http://www.vupen.com/english/advisories/2011/0212	Vendor Advisory
https://bugs.webkit.org/show_bug.cgi?id=35948
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14067

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:google:chrome:0.1.38.1:::::::*
	cpe:2.3:a:google:chrome:0.1.38.2:::::::*
	cpe:2.3:a:google:chrome:0.1.38.4:::::::*
	cpe:2.3:a:google:chrome:0.1.40.1:::::::*
	cpe:2.3:a:google:chrome:0.1.42.2:::::::*
	cpe:2.3:a:google:chrome:0.1.42.3:::::::*
	cpe:2.3:a:google:chrome:1.0.154.53:::::::*
	cpe:2.3:a:google:chrome:1.0.154.59:::::::*
	cpe:2.3:a:google:chrome:1.0.154.64:::::::*
	cpe:2.3:a:google:chrome:1.0.154.65:::::::*
	cpe:2.3:a:google:chrome:2.0.169.0:::::::*
	cpe:2.3:a:google:chrome:2.0.169.1:::::::*
	cpe:2.3:a:google:chrome:2.0.170.0:::::::*
	cpe:2.3:a:google:chrome:2.0.172.2:::::::*
	cpe:2.3:a:google:chrome:2.0.172.8:::::::*
	cpe:2.3:a:google:chrome:2.0.172.27:::::::*
	cpe:2.3:a:google:chrome:2.0.172.28:::::::*
	cpe:2.3:a:google:chrome:2.0.172.30:::::::*
	cpe:2.3:a:google:chrome:2.0.172.33:::::::*
	cpe:2.3:a:google:chrome:2.0.172.37:::::::*
	cpe:2.3:a:google:chrome:2.0.172.38:::::::*
	cpe:2.3:a:google:chrome:3.0.182.2:::::::*
	cpe:2.3:a:google:chrome:3.0.190.2:::::::*
	cpe:2.3:a:google:chrome:3.0.195.25:::::::*
	cpe:2.3:a:google:chrome:3.0.195.27:::::::*
	cpe:2.3:a:google:chrome:3.0.195.33:::::::*
	cpe:2.3:a:google:chrome:3.0.195.36:::::::*
	cpe:2.3:a:google:chrome:3.0.195.37:::::::*
	cpe:2.3:a:google:chrome:3.0.195.38:::::::*
	cpe:2.3:a:google:chrome:4.0.212.0:::::::*
	cpe:2.3:a:google:chrome:4.0.212.1:::::::*
	cpe:2.3:a:google:chrome:4.0.221.8:::::::*
	cpe:2.3:a:google:chrome:4.0.222.0:::::::*
	cpe:2.3:a:google:chrome:4.0.222.1:::::::*
	cpe:2.3:a:google:chrome:4.0.222.5:::::::*
	cpe:2.3:a:google:chrome:4.0.222.12:::::::*
	cpe:2.3:a:google:chrome:4.0.223.0:::::::*
	cpe:2.3:a:google:chrome:4.0.223.1:::::::*
	cpe:2.3:a:google:chrome:4.0.223.2:::::::*
	cpe:2.3:a:google:chrome:4.0.223.4:::::::*
	cpe:2.3:a:google:chrome:4.0.223.5:::::::*
	cpe:2.3:a:google:chrome:4.0.223.7:::::::*
	cpe:2.3:a:google:chrome:4.0.223.8:::::::*
	cpe:2.3:a:google:chrome:4.0.223.9:::::::*
	cpe:2.3:a:google:chrome:4.0.224.0:::::::*
	cpe:2.3:a:google:chrome:4.0.229.1:::::::*
	cpe:2.3:a:google:chrome:4.0.235.0:::::::*
	cpe:2.3:a:google:chrome:4.0.236.0:::::::*
	cpe:2.3:a:google:chrome:4.0.237.0:::::::*
	cpe:2.3:a:google:chrome:4.0.237.1:::::::*
	cpe:2.3:a:google:chrome:4.0.239.0:::::::*
	cpe:2.3:a:google:chrome:4.0.240.0:::::::*
	cpe:2.3:a:google:chrome:4.0.241.0:::::::*
	cpe:2.3:a:google:chrome:4.0.242.0:::::::*
	cpe:2.3:a:google:chrome:4.0.243.0:::::::*
	cpe:2.3:a:google:chrome:4.0.244.0:::::::*
	cpe:2.3:a:google:chrome:4.0.245.0:::::::*
	cpe:2.3:a:google:chrome:4.0.245.1:::::::*
	cpe:2.3:a:google:chrome:4.0.246.0:::::::*
	cpe:2.3:a:google:chrome:4.0.247.0:::::::*
	cpe:2.3:a:google:chrome:4.0.248.0:::::::*
	cpe:2.3:a:google:chrome:4.0.249.0:::::::*
	cpe:2.3:a:google:chrome:4.0.249.1:::::::*
cpe:2.3:a:google:chrome:4.0.249.2:::::::*
cpe:2.3:a:google:chrome:4.0.249.3:::::::*
cpe:2.3:a:google:chrome:4.0.249.4:::::::*
cpe:2.3:a:google:chrome:4.0.249.5:::::::*
cpe:2.3:a:google:chrome:4.0.249.6:::::::*
cpe:2.3:a:google:chrome:4.0.249.7:::::::*
cpe:2.3:a:google:chrome:4.0.249.8:::::::*
cpe:2.3:a:google:chrome:4.0.249.9:::::::*
cpe:2.3:a:google:chrome:4.0.249.10:::::::*
cpe:2.3:a:google:chrome:4.0.249.11:::::::*
cpe:2.3:a:google:chrome:4.0.249.12:::::::*
cpe:2.3:a:google:chrome:4.0.249.14:::::::*
cpe:2.3:a:google:chrome:4.0.249.16:::::::*
cpe:2.3:a:google:chrome:4.0.249.17:::::::*
cpe:2.3:a:google:chrome:4.0.249.18:::::::*
cpe:2.3:a:google:chrome:4.0.249.19:::::::*
cpe:2.3:a:google:chrome:4.0.249.20:::::::*
cpe:2.3:a:google:chrome:4.0.249.21:::::::*
cpe:2.3:a:google:chrome:4.0.249.22:::::::*
cpe:2.3:a:google:chrome:4.0.249.23:::::::*
cpe:2.3:a:google:chrome:4.0.249.24:::::::*
cpe:2.3:a:google:chrome:4.0.249.25:::::::*
cpe:2.3:a:google:chrome:4.0.249.26:::::::*
cpe:2.3:a:google:chrome:4.0.249.27:::::::*
cpe:2.3:a:google:chrome:4.0.249.28:::::::*
cpe:2.3:a:google:chrome:4.0.249.29:::::::*
cpe:2.3:a:google:chrome:4.0.249.30:::::::*
cpe:2.3:a:google:chrome:4.0.249.31:::::::*
cpe:2.3:a:google:chrome:4.0.249.32:::::::*
cpe:2.3:a:google:chrome:4.0.249.33:::::::*
cpe:2.3:a:google:chrome:4.0.249.34:::::::*
cpe:2.3:a:google:chrome:4.0.249.35:::::::*
cpe:2.3:a:google:chrome:4.0.249.36:::::::*
cpe:2.3:a:google:chrome:4.0.249.37:::::::*
cpe:2.3:a:google:chrome:4.0.249.38:::::::*
cpe:2.3:a:google:chrome:4.0.249.39:::::::*
cpe:2.3:a:google:chrome:4.0.249.40:::::::*
cpe:2.3:a:google:chrome:4.0.249.41:::::::*
cpe:2.3:a:google:chrome:4.0.249.42:::::::*
cpe:2.3:a:google:chrome:4.0.249.43:::::::*
cpe:2.3:a:google:chrome:4.0.249.44:::::::*
cpe:2.3:a:google:chrome:4.0.249.45:::::::*
cpe:2.3:a:google:chrome:4.0.249.46:::::::*
cpe:2.3:a:google:chrome:4.0.249.47:::::::*
cpe:2.3:a:google:chrome:4.0.249.48:::::::*
cpe:2.3:a:google:chrome:4.0.249.49:::::::*
cpe:2.3:a:google:chrome:4.0.249.50:::::::*
cpe:2.3:a:google:chrome:4.0.249.51:::::::*
cpe:2.3:a:google:chrome:4.0.249.52:::::::*
cpe:2.3:a:google:chrome:4.0.249.53:::::::*
cpe:2.3:a:google:chrome:4.0.249.54:::::::*
cpe:2.3:a:google:chrome:4.0.249.55:::::::*
cpe:2.3:a:google:chrome:4.0.249.56:::::::*
cpe:2.3:a:google:chrome:4.0.249.57:::::::*
cpe:2.3:a:google:chrome:4.0.249.58:::::::*
cpe:2.3:a:google:chrome:4.0.249.59:::::::*
cpe:2.3:a:google:chrome:4.0.249.60:::::::*
cpe:2.3:a:google:chrome:4.0.249.61:::::::*
cpe:2.3:a:google:chrome:4.0.249.62:::::::*
cpe:2.3:a:google:chrome:4.0.249.63:::::::*
cpe:2.3:a:google:chrome:4.0.249.64:::::::*
cpe:2.3:a:google:chrome:4.0.249.65:::::::*
cpe:2.3:a:google:chrome:4.0.249.66:::::::*
cpe:2.3:a:google:chrome:4.0.249.67:::::::*
cpe:2.3:a:google:chrome:4.0.249.68:::::::*
cpe:2.3:a:google:chrome:4.0.249.69:::::::*
cpe:2.3:a:google:chrome:4.0.249.70:::::::*
cpe:2.3:a:google:chrome:4.0.249.71:::::::*
cpe:2.3:a:google:chrome:4.0.249.72:::::::*
cpe:2.3:a:google:chrome:4.0.249.73:::::::*
cpe:2.3:a:google:chrome:4.0.249.74:::::::*
cpe:2.3:a:google:chrome:4.0.249.75:::::::*
cpe:2.3:a:google:chrome:4.0.249.76:::::::*
cpe:2.3:a:google:chrome:4.0.249.77:::::::*
cpe:2.3:a:google:chrome:4.0.249.78:::::::*
cpe:2.3:a:google:chrome:4.0.249.78:beta::::::
cpe:2.3:a:google:chrome:4.0.249.79:::::::*
cpe:2.3:a:google:chrome:4.0.249.80:::::::*
cpe:2.3:a:google:chrome:4.0.249.81:::::::*
cpe:2.3:a:google:chrome:4.0.249.82:::::::*
cpe:2.3:a:google:chrome:4.0.249.89:::::::*
cpe:2.3:a:google:chrome:4.0.250.0:::::::*
cpe:2.3:a:google:chrome:4.0.250.2:::::::*
cpe:2.3:a:google:chrome:4.0.251.0:::::::*
cpe:2.3:a:google:chrome:4.0.252.0:::::::*
cpe:2.3:a:google:chrome:4.0.254.0:::::::*
cpe:2.3:a:google:chrome:4.0.255.0:::::::*
cpe:2.3:a:google:chrome:4.0.256.0:::::::*
cpe:2.3:a:google:chrome:4.0.257.0:::::::*
cpe:2.3:a:google:chrome:4.0.258.0:::::::*
cpe:2.3:a:google:chrome:4.0.259.0:::::::*
cpe:2.3:a:google:chrome:4.0.260.0:::::::*
cpe:2.3:a:google:chrome:4.0.261.0:::::::*
cpe:2.3:a:google:chrome:4.0.262.0:::::::*
cpe:2.3:a:google:chrome:4.0.263.0:::::::*
cpe:2.3:a:google:chrome:4.0.264.0:::::::*
cpe:2.3:a:google:chrome:4.0.265.0:::::::*
cpe:2.3:a:google:chrome:4.0.266.0:::::::*
cpe:2.3:a:google:chrome:4.0.267.0:::::::*
cpe:2.3:a:google:chrome:4.0.268.0:::::::*
cpe:2.3:a:google:chrome:4.0.269.0:::::::*
cpe:2.3:a:google:chrome:4.0.271.0:::::::*
cpe:2.3:a:google:chrome:4.0.272.0:::::::*
cpe:2.3:a:google:chrome:4.0.275.0:::::::*
cpe:2.3:a:google:chrome:4.0.275.1:::::::*
cpe:2.3:a:google:chrome:4.0.276.0:::::::*
cpe:2.3:a:google:chrome:4.0.277.0:::::::*
cpe:2.3:a:google:chrome:4.0.278.0:::::::*
cpe:2.3:a:google:chrome:4.0.286.0:::::::*
cpe:2.3:a:google:chrome:4.0.287.0:::::::*
cpe:2.3:a:google:chrome:4.0.288.0:::::::*
cpe:2.3:a:google:chrome:4.0.288.1:::::::*
cpe:2.3:a:google:chrome:4.0.289.0:::::::*
cpe:2.3:a:google:chrome:4.0.290.0:::::::*
cpe:2.3:a:google:chrome:4.0.292.0:::::::*
cpe:2.3:a:google:chrome:4.0.294.0:::::::*
cpe:2.3:a:google:chrome:4.0.295.0:::::::*
cpe:2.3:a:google:chrome:4.0.296.0:::::::*
cpe:2.3:a:google:chrome:4.0.299.0:::::::*
cpe:2.3:a:google:chrome:4.0.300.0:::::::*
cpe:2.3:a:google:chrome:4.0.301.0:::::::*
cpe:2.3:a:google:chrome:4.0.302.0:::::::*
cpe:2.3:a:google:chrome:4.0.302.1:::::::*
cpe:2.3:a:google:chrome:4.0.302.2:::::::*
cpe:2.3:a:google:chrome:4.0.302.3:::::::*
cpe:2.3:a:google:chrome:4.0.303.0:::::::*
cpe:2.3:a:google:chrome:4.0.304.0:::::::*
cpe:2.3:a:google:chrome:4.0.305.0:::::::*
cpe:2.3:a:google:chrome:4.1.249.0:::::::*
cpe:2.3:a:google:chrome:4.1.249.1001:::::::*
cpe:2.3:a:google:chrome:4.1.249.1004:::::::*
cpe:2.3:a:google:chrome:4.1.249.1006:::::::*
cpe:2.3:a:google:chrome:4.1.249.1007:::::::*
cpe:2.3:a:google:chrome:4.1.249.1008:::::::*
cpe:2.3:a:google:chrome:4.1.249.1009:::::::*
cpe:2.3:a:google:chrome:4.1.249.1010:::::::*
cpe:2.3:a:google:chrome:4.1.249.1011:::::::*
cpe:2.3:a:google:chrome:4.1.249.1012:::::::*
cpe:2.3:a:google:chrome:4.1.249.1013:::::::*
cpe:2.3:a:google:chrome:4.1.249.1014:::::::*
cpe:2.3:a:google:chrome:4.1.249.1015:::::::*
cpe:2.3:a:google:chrome:4.1.249.1016:::::::*
cpe:2.3:a:google:chrome:4.1.249.1017:::::::*
cpe:2.3:a:google:chrome:4.1.249.1018:::::::*
cpe:2.3:a:google:chrome:4.1.249.1019:::::::*
cpe:2.3:a:google:chrome:4.1.249.1020:::::::*
cpe:2.3:a:google:chrome:4.1.249.1021:::::::*
cpe:2.3:a:google:chrome:4.1.249.1022:::::::*
cpe:2.3:a:google:chrome:4.1.249.1023:::::::*
cpe:2.3:a:google:chrome:4.1.249.1024:::::::*
cpe:2.3:a:google:chrome:4.1.249.1025:::::::*
cpe:2.3:a:google:chrome:4.1.249.1026:::::::*
cpe:2.3:a:google:chrome:4.1.249.1027:::::::*
cpe:2.3:a:google:chrome:4.1.249.1028:::::::*
cpe:2.3:a:google:chrome:4.1.249.1029:::::::*
cpe:2.3:a:google:chrome:4.1.249.1030:::::::*
cpe:2.3:a:google:chrome:4.1.249.1031:::::::*
cpe:2.3:a:google:chrome:4.1.249.1032:::::::*
cpe:2.3:a:google:chrome:4.1.249.1033:::::::*
cpe:2.3:a:google:chrome:4.1.249.1034:::::::*

Configuration 2 (hide)

cpe:2.3:a:flock:flock:3.0.0.4094:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-04-01 22:30

Updated : 2024-02-04 17:54

NVD link : CVE-2010-1236

Mitre link : CVE-2010-1236

CVE.ORG link : CVE-2010-1236

JSON object : View

Products Affected

flock

flock

google

chrome

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10