FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-1407

This CVE name corresponds to:

Entered Topic
2010-07-18 webkit-gtk2 -- Multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2010-1407 at cve.mitre.org

Details

Type Candidate
Name CVE-2010-1407
Phase Assigned(20100415)

Description

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.

References

Source Reference
CONFIRM http://support.apple.com/kb/HT4225
CONFIRM http://support.apple.com/kb/HT4456
APPLE APPLE-SA-2010-06-21-1
APPLE APPLE-SA-2010-11-22-1
MANDRIVA MDVSA-2011:039
SUSE SUSE-SR:2011:002
UBUNTU USN-1006-1
BID 41016
SECUNIA 41856
SECUNIA 42314
SECUNIA 43068
VUPEN ADV-2010-2722
VUPEN ADV-2011-0212
VUPEN ADV-2011-0552
XF appleios-historyreplace-info-disclosure(59629)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.