Your submission was sent successfully! Close

CVE-2011-1187

Published: 10 March 2011

Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

Notes

AuthorNote
jdstrand
chromium-browser uses an embedded libv8
mikesalvatore
The Ubuntu Security Team does not support libv8
Priority

Medium

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
artful
Released (10.0.648.127~r76697-0ubuntu1)
bionic
Released (10.0.648.127~r76697-0ubuntu1)
cosmic
Released (10.0.648.127~r76697-0ubuntu1)
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid
Released (3.0.1271.97-0ubuntu0.10.04.1)
maverick
Released (10.0.648.127~r76697-0ubuntu0.10.10.1)
natty
Released (10.0.648.127~r76697-0ubuntu1)
oneiric
Released (3.0.1271.97-0ubuntu0.11.10.1)
precise Does not exist
(precise was released [3.0.1271.97-0ubuntu0.12.04.1])
quantal
Released (3.0.1271.97-0ubuntu0.12.10.1)
raring
Released (10.0.648.127~r76697-0ubuntu1)
saucy
Released (10.0.648.127~r76697-0ubuntu1)
trusty Does not exist
(trusty was released [10.0.648.127~r76697-0ubuntu1])
upstream
Released (10.0.648.127)
utopic
Released (10.0.648.127~r76697-0ubuntu1)
vivid
Released (10.0.648.127~r76697-0ubuntu1)
wily
Released (10.0.648.127~r76697-0ubuntu1)
xenial
Released (10.0.648.127~r76697-0ubuntu1)
yakkety
Released (10.0.648.127~r76697-0ubuntu1)
zesty
Released (10.0.648.127~r76697-0ubuntu1)
firefox
Launchpad, Ubuntu, Debian
artful
Released (12.0+build1-0ubuntu0.12.04.1)
bionic
Released (12.0+build1-0ubuntu0.12.04.1)
cosmic
Released (12.0+build1-0ubuntu0.12.04.1)
hardy Ignored
(reached end-of-life)
lucid
Released (12.0+build1-0ubuntu0.10.04.1)
natty
Released (12.0+build1-0ubuntu0.11.04.1)
oneiric
Released (12.0+build1-0ubuntu0.11.10.1)
precise Does not exist
(precise was released [12.0+build1-0ubuntu0.12.04.1])
quantal
Released (12.0+build1-0ubuntu0.12.04.1)
raring
Released (12.0+build1-0ubuntu0.12.04.1)
saucy
Released (12.0+build1-0ubuntu0.12.04.1)
trusty Does not exist
(trusty was released [12.0+build1-0ubuntu0.12.04.1])
upstream
Released (12.0)
utopic
Released (12.0+build1-0ubuntu0.12.04.1)
vivid
Released (12.0+build1-0ubuntu0.12.04.1)
wily
Released (12.0+build1-0ubuntu0.12.04.1)
xenial
Released (12.0+build1-0ubuntu0.12.04.1)
yakkety
Released (12.0+build1-0ubuntu0.12.04.1)
zesty
Released (12.0+build1-0ubuntu0.12.04.1)
libv8
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Ignored
(reached end-of-life)
maverick Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist

upstream Needed

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Patches:
upstream: http://code.google.com/p/v8/source/detail?r=6435
libv8-3.14
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Ignored
(libv8 not supported)
cosmic Ignored
(libv8 not supported)
lucid Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was ignored [libv8 not supported])
upstream Needed

utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Ignored
(libv8 not supported)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
thunderbird
Launchpad, Ubuntu, Debian
artful Not vulnerable
(13.0~b4+build1-0ubuntu1)
bionic Not vulnerable
(13.0~b4+build1-0ubuntu1)
cosmic Not vulnerable
(13.0~b4+build1-0ubuntu1)
hardy Ignored
(reached end-of-life)
lucid
Released (12.0.1+build1-0ubuntu0.10.04.1)
natty
Released (12.0.1+build1-0ubuntu0.11.04.1)
oneiric
Released (12.0.1+build1-0ubuntu0.11.10.1)
precise Does not exist
(precise was released [12.0.1+build1-0ubuntu0.12.04.1])
quantal Not vulnerable
(13.0~b4+build1-0ubuntu1)
raring Not vulnerable
(13.0~b4+build1-0ubuntu1)
saucy Not vulnerable
(13.0~b4+build1-0ubuntu1)
trusty Does not exist
(trusty was not-affected [13.0~b4+build1-0ubuntu1])
upstream
Released (12.0)
utopic Not vulnerable
(13.0~b4+build1-0ubuntu1)
vivid Not vulnerable
(13.0~b4+build1-0ubuntu1)
wily Not vulnerable
(13.0~b4+build1-0ubuntu1)
xenial Not vulnerable
(13.0~b4+build1-0ubuntu1)
yakkety Not vulnerable
(13.0~b4+build1-0ubuntu1)
zesty Not vulnerable
(13.0~b4+build1-0ubuntu1)