CVE-2010-1386

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:webkit:r50173:*:*:*:*:*:*:*

History

21 Nov 2024, 01:14

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html - () http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html -
References () http://secunia.com/advisories/41856 - Vendor Advisory () http://secunia.com/advisories/41856 - Vendor Advisory
References () http://secunia.com/advisories/43068 - Vendor Advisory () http://secunia.com/advisories/43068 - Vendor Advisory
References () http://security-tracker.debian.org/tracker/CVE-2010-1386 - () http://security-tracker.debian.org/tracker/CVE-2010-1386 -
References () http://trac.webkit.org/changeset/56188 - () http://trac.webkit.org/changeset/56188 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 -
References () http://www.securityfocus.com/bid/42500 - () http://www.securityfocus.com/bid/42500 -
References () http://www.ubuntu.com/usn/USN-1006-1 - () http://www.ubuntu.com/usn/USN-1006-1 -
References () http://www.vupen.com/english/advisories/2010/2722 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/2722 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0212 - Vendor Advisory () http://www.vupen.com/english/advisories/2011/0212 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0552 - Vendor Advisory () http://www.vupen.com/english/advisories/2011/0552 - Vendor Advisory
References () https://bugs.webkit.org/show_bug.cgi?id=36255 - () https://bugs.webkit.org/show_bug.cgi?id=36255 -

Information

Published : 2010-08-19 22:00

Updated : 2024-11-21 01:14


NVD link : CVE-2010-1386

Mitre link : CVE-2010-1386

CVE.ORG link : CVE-2010-1386


JSON object : View

Products Affected

apple

  • webkit
CWE
CWE-264

Permissions, Privileges, and Access Controls