FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-1760

This CVE name corresponds to:

Entered Topic
2010-07-18 webkit-gtk2 -- Multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-1760
Phase Assigned(20100506)

Description

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.

References

Source Reference
CONFIRM http://security-tracker.debian.org/tracker/CVE-2010-1760
CONFIRM http://trac.webkit.org/changeset/58409
CONFIRM https://bugs.webkit.org/show_bug.cgi?id=37781
MANDRIVA MDVSA-2011:039
SUSE SUSE-SR:2011:002
UBUNTU USN-1006-1
BID 42494
SECUNIA 41856
SECUNIA 43068
VUPEN ADV-2010-2722
VUPEN ADV-2011-0212
VUPEN ADV-2011-0552