CVE-2010-5072

{"id": "CVE-2010-5072", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-12-07T19:55:01.517", "references": [{"url": "http://w2spconf.com/2010/papers/p26.pdf", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method."}, {"lang": "es", "value": "La ejecuci\u00f3n de JavaScript en Opera 10.5 no restringe adecuadamente el conjunto de valores contenidos en el objeto devuelto por el m\u00e9todo getComputedStyle, lo que permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las p\u00e1ginas web visitadas por llamar a este m\u00e9todo."}], "lastModified": "2012-03-07T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opera:opera_browser:10.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "137E9883-BF1D-4B54-A904-AFDE179452A3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}