CVE-2010-0315

WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
googlechrome
𝑥
≤ 4.0.249.78
googlechrome
0.2.149.27
googlechrome
0.2.149.29
googlechrome
0.2.149.30
googlechrome
0.2.152.1
googlechrome
0.2.153.1
googlechrome
0.3.154.0
googlechrome
0.3.154.3
googlechrome
0.4.154.18
googlechrome
0.4.154.22
googlechrome
0.4.154.31
googlechrome
0.4.154.33
googlechrome
1.0.154.36
googlechrome
1.0.154.39
googlechrome
1.0.154.42
googlechrome
1.0.154.43
googlechrome
1.0.154.46
googlechrome
1.0.154.48
googlechrome
1.0.154.52
googlechrome
1.0.154.53
googlechrome
1.0.154.59
googlechrome
1.0.154.65
googlechrome
2.0.156.1
googlechrome
2.0.157.0
googlechrome
2.0.157.2
googlechrome
2.0.158.0
googlechrome
2.0.159.0
googlechrome
2.0.169.0
googlechrome
2.0.169.1
googlechrome
2.0.170.0
googlechrome
2.0.172
googlechrome
2.0.172.2
googlechrome
2.0.172.8
googlechrome
2.0.172.27
googlechrome
2.0.172.28
googlechrome
2.0.172.30
googlechrome
2.0.172.31
googlechrome
2.0.172.33
googlechrome
2.0.172.37
googlechrome
2.0.172.38
googlechrome
3.0.182.2
googlechrome
3.0.190.2
googlechrome
3.0.193.2:beta
googlechrome
3.0.195.21
googlechrome
3.0.195.24
googlechrome
3.0.195.32
googlechrome
3.0.195.33
𝑥
= Vulnerable software versions
References
http://code.google.com/p/chromium/issues/detail?id=32309
http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html
http://secunia.com/advisories/38545
http://secunia.com/advisories/43068
http://securitytracker.com/id?1023583
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
http://trac.webkit.org/changeset/53607
http://www.securityfocus.com/bid/38177
http://www.vupen.com/english/advisories/2010/0361
http://www.vupen.com/english/advisories/2011/0212
https://bugs.webkit.org/show_bug.cgi?id=33683
https://exchange.xforce.ibmcloud.com/vulnerabilities/55683
https://exchange.xforce.ibmcloud.com/vulnerabilities/56215
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14452
http://code.google.com/p/chromium/issues/detail?id=32309
http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html
http://secunia.com/advisories/38545
http://secunia.com/advisories/43068
http://securitytracker.com/id?1023583
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
http://trac.webkit.org/changeset/53607
http://www.securityfocus.com/bid/38177
http://www.vupen.com/english/advisories/2010/0361
http://www.vupen.com/english/advisories/2011/0212
https://bugs.webkit.org/show_bug.cgi?id=33683
https://exchange.xforce.ibmcloud.com/vulnerabilities/55683
https://exchange.xforce.ibmcloud.com/vulnerabilities/56215
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14452