Unrated severityNVD Advisory· Published Sep 7, 2010· Updated Apr 29, 2026

CVE-2010-3259

Description

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

Affected products

Apple Inc./Safari
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Range: <4.1.3
Google/Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Range: <6.0.472.53
Webkitgtk/Webkitgtk\+
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
Range: <1.2.6
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <4.2
Canonical/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

code.google.com/p/chromium/issues/detailnvdPatchVendor Advisory
googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2010//Nov/msg00002.htmlnvdMailing ListThird Party Advisory
lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlnvdMailing ListThird Party Advisory
secunia.com/advisories/41856nvdThird Party Advisory
secunia.com/advisories/42314nvdThird Party Advisory
secunia.com/advisories/43068nvdThird Party Advisory
secunia.com/advisories/43086nvdThird Party Advisory
support.apple.com/kb/HT4455nvdThird Party Advisory
support.apple.com/kb/HT4456nvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.redhat.com/support/errata/RHSA-2011-0177.htmlnvdThird Party Advisory
www.securityfocus.com/bid/44206nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-1006-1nvdThird Party Advisory
www.vupen.com/english/advisories/2010/2722nvdThird Party Advisory
www.vupen.com/english/advisories/2010/3046nvdThird Party Advisory
www.vupen.com/english/advisories/2011/0212nvdThird Party Advisory
www.vupen.com/english/advisories/2011/0216nvdThird Party Advisory
www.vupen.com/english/advisories/2011/0552nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11221nvdThird Party Advisory
technet.microsoft.com/library/security/msvr11-002nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000