CVE-2010-3813
Published: 22 November 2010
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.
Notes
Author | Note |
---|---|
jdstrand | qt4-x11 unmaintained upstream (see README.webkit for details) |
Priority
Status
Package | Release | Status |
---|---|---|
qt4-x11 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(no webkit)
|
hardy |
Not vulnerable
(no webkit)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Ignored
(end of life)
|
|
maverick |
Not vulnerable
(webkit isn't built)
|
|
natty |
Not vulnerable
(webkit isn't built)
|
|
oneiric |
Not vulnerable
(webkit isn't built)
|
|
precise |
Not vulnerable
(webkit isn't built)
|
|
quantal |
Not vulnerable
(webkit isn't built)
|
|
raring |
Not vulnerable
(webkit isn't built)
|
|
saucy |
Not vulnerable
(webkit isn't built)
|
|
trusty |
Not vulnerable
(webkit isn't built)
|
|
upstream |
Needs triage
|
|
utopic |
Not vulnerable
(webkit isn't built)
|
|
vivid |
Not vulnerable
(webkit isn't built)
|
|
wily |
Not vulnerable
(webkit isn't built)
|
|
xenial |
Not vulnerable
(webkit isn't built)
|
|
yakkety |
Not vulnerable
(webkit isn't built)
|
|
qtwebkit-source Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was ignored [no update available])
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
(no update available)
|
|
yakkety |
Ignored
(end of life)
|
|
webkit Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Released
(1.2.7-0ubuntu0.10.04.1)
|
|
maverick |
Released
(1.2.7-0ubuntu0.10.10.1)
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
trusty |
Does not exist
|
|
upstream |
Released
(1.2.6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
webkitgtk Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [2.4.8-1ubuntu1~ubuntu14.04.1])
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Not vulnerable
(2.4.9-2ubuntu2)
|
|
xenial |
Not vulnerable
(2.4.9-2ubuntu2)
|
|
yakkety |
Not vulnerable
(2.4.9-2ubuntu2)
|