CVE-2010-1236

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
googlechrome
𝑥
≤ 4.1.249.1035
googlechrome
0.1.38.1
googlechrome
0.1.38.2
googlechrome
0.1.38.4
googlechrome
0.1.40.1
googlechrome
0.1.42.2
googlechrome
0.1.42.3
googlechrome
1.0.154.53
googlechrome
1.0.154.59
googlechrome
1.0.154.64
googlechrome
1.0.154.65
googlechrome
2.0.169.0
googlechrome
2.0.169.1
googlechrome
2.0.170.0
googlechrome
2.0.172.2
googlechrome
2.0.172.8
googlechrome
2.0.172.27
googlechrome
2.0.172.28
googlechrome
2.0.172.30
googlechrome
2.0.172.33
googlechrome
2.0.172.37
googlechrome
2.0.172.38
googlechrome
3.0.182.2
googlechrome
3.0.190.2
googlechrome
3.0.195.25
googlechrome
3.0.195.27
googlechrome
3.0.195.33
googlechrome
3.0.195.36
googlechrome
3.0.195.37
googlechrome
3.0.195.38
googlechrome
4.0.212.0
googlechrome
4.0.212.1
googlechrome
4.0.221.8
googlechrome
4.0.222.0
googlechrome
4.0.222.1
googlechrome
4.0.222.5
googlechrome
4.0.222.12
googlechrome
4.0.223.0
googlechrome
4.0.223.1
googlechrome
4.0.223.2
googlechrome
4.0.223.4
googlechrome
4.0.223.5
googlechrome
4.0.223.7
googlechrome
4.0.223.8
googlechrome
4.0.223.9
googlechrome
4.0.224.0
googlechrome
4.0.229.1
googlechrome
4.0.235.0
googlechrome
4.0.236.0
googlechrome
4.0.237.0
googlechrome
4.0.237.1
googlechrome
4.0.239.0
googlechrome
4.0.240.0
googlechrome
4.0.241.0
googlechrome
4.0.242.0
googlechrome
4.0.243.0
googlechrome
4.0.244.0
googlechrome
4.0.245.0
googlechrome
4.0.245.1
googlechrome
4.0.246.0
googlechrome
4.0.247.0
googlechrome
4.0.248.0
googlechrome
4.0.249.0
googlechrome
4.0.249.1
googlechrome
4.0.249.2
googlechrome
4.0.249.3
googlechrome
4.0.249.4
googlechrome
4.0.249.5
googlechrome
4.0.249.6
googlechrome
4.0.249.7
googlechrome
4.0.249.8
googlechrome
4.0.249.9
googlechrome
4.0.249.10
googlechrome
4.0.249.11
googlechrome
4.0.249.12
googlechrome
4.0.249.14
googlechrome
4.0.249.16
googlechrome
4.0.249.17
googlechrome
4.0.249.18
googlechrome
4.0.249.19
googlechrome
4.0.249.20
googlechrome
4.0.249.21
googlechrome
4.0.249.22
googlechrome
4.0.249.23
googlechrome
4.0.249.24
googlechrome
4.0.249.25
googlechrome
4.0.249.26
googlechrome
4.0.249.27
googlechrome
4.0.249.28
googlechrome
4.0.249.29
googlechrome
4.0.249.30
googlechrome
4.0.249.31
googlechrome
4.0.249.32
googlechrome
4.0.249.33
googlechrome
4.0.249.34
googlechrome
4.0.249.35
googlechrome
4.0.249.36
googlechrome
4.0.249.37
googlechrome
4.0.249.38
googlechrome
4.0.249.39
googlechrome
4.0.249.40
googlechrome
4.0.249.41
googlechrome
4.0.249.42
googlechrome
4.0.249.43
googlechrome
4.0.249.44
googlechrome
4.0.249.45
googlechrome
4.0.249.46
googlechrome
4.0.249.47
googlechrome
4.0.249.48
googlechrome
4.0.249.49
googlechrome
4.0.249.50
googlechrome
4.0.249.51
googlechrome
4.0.249.52
googlechrome
4.0.249.53
googlechrome
4.0.249.54
googlechrome
4.0.249.55
googlechrome
4.0.249.56
googlechrome
4.0.249.57
googlechrome
4.0.249.58
googlechrome
4.0.249.59
googlechrome
4.0.249.60
googlechrome
4.0.249.61
googlechrome
4.0.249.62
googlechrome
4.0.249.63
googlechrome
4.0.249.64
googlechrome
4.0.249.65
googlechrome
4.0.249.66
googlechrome
4.0.249.67
googlechrome
4.0.249.68
googlechrome
4.0.249.69
googlechrome
4.0.249.70
googlechrome
4.0.249.71
googlechrome
4.0.249.72
googlechrome
4.0.249.73
googlechrome
4.0.249.74
googlechrome
4.0.249.75
googlechrome
4.0.249.76
googlechrome
4.0.249.77
googlechrome
4.0.249.78
googlechrome
4.0.249.78:beta
googlechrome
4.0.249.79
googlechrome
4.0.249.80
googlechrome
4.0.249.81
googlechrome
4.0.249.82
googlechrome
4.0.249.89
googlechrome
4.0.250.0
googlechrome
4.0.250.2
googlechrome
4.0.251.0
googlechrome
4.0.252.0
googlechrome
4.0.254.0
googlechrome
4.0.255.0
googlechrome
4.0.256.0
googlechrome
4.0.257.0
googlechrome
4.0.258.0
googlechrome
4.0.259.0
googlechrome
4.0.260.0
googlechrome
4.0.261.0
googlechrome
4.0.262.0
googlechrome
4.0.263.0
googlechrome
4.0.264.0
googlechrome
4.0.265.0
googlechrome
4.0.266.0
googlechrome
4.0.267.0
googlechrome
4.0.268.0
googlechrome
4.0.269.0
googlechrome
4.0.271.0
googlechrome
4.0.272.0
googlechrome
4.0.275.0
googlechrome
4.0.275.1
googlechrome
4.0.276.0
googlechrome
4.0.277.0
googlechrome
4.0.278.0
googlechrome
4.0.286.0
googlechrome
4.0.287.0
googlechrome
4.0.288.0
googlechrome
4.0.288.1
googlechrome
4.0.289.0
googlechrome
4.0.290.0
googlechrome
4.0.292.0
googlechrome
4.0.294.0
googlechrome
4.0.295.0
googlechrome
4.0.296.0
googlechrome
4.0.299.0
googlechrome
4.0.300.0
googlechrome
4.0.301.0
googlechrome
4.0.302.0
googlechrome
4.0.302.1
googlechrome
4.0.302.2
googlechrome
4.0.302.3
googlechrome
4.0.303.0
googlechrome
4.0.304.0
googlechrome
4.0.305.0
googlechrome
4.1.249.0
googlechrome
4.1.249.1001
googlechrome
4.1.249.1004
googlechrome
4.1.249.1006
googlechrome
4.1.249.1007
googlechrome
4.1.249.1008
googlechrome
4.1.249.1009
googlechrome
4.1.249.1010
googlechrome
4.1.249.1011
googlechrome
4.1.249.1012
googlechrome
4.1.249.1013
googlechrome
4.1.249.1014
googlechrome
4.1.249.1015
googlechrome
4.1.249.1016
googlechrome
4.1.249.1017
googlechrome
4.1.249.1018
googlechrome
4.1.249.1019
googlechrome
4.1.249.1020
googlechrome
4.1.249.1021
googlechrome
4.1.249.1022
googlechrome
4.1.249.1023
googlechrome
4.1.249.1024
googlechrome
4.1.249.1025
googlechrome
4.1.249.1026
googlechrome
4.1.249.1027
googlechrome
4.1.249.1028
googlechrome
4.1.249.1029
googlechrome
4.1.249.1030
googlechrome
4.1.249.1031
googlechrome
4.1.249.1032
googlechrome
4.1.249.1033
googlechrome
4.1.249.1034
flockflock
3.0.0.4094
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
Fixed 5.0.375.38~r46659-0ubuntu0.10.04.1
released
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://code.google.com/p/chromium/issues/detail?id=37383
http://codereview.chromium.org/858001
http://flock.com/security/
http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068
http://src.chromium.org/viewvc/chrome?view=rev&revision=41244
http://www.vupen.com/english/advisories/2011/0212
https://bugs.webkit.org/show_bug.cgi?id=35948
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14067
http://code.google.com/p/chromium/issues/detail?id=37383
http://codereview.chromium.org/858001
http://flock.com/security/
http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068
http://src.chromium.org/viewvc/chrome?view=rev&revision=41244
http://www.vupen.com/english/advisories/2011/0212
https://bugs.webkit.org/show_bug.cgi?id=35948
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14067