CVE-2010-1236

medium
Description

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.

References

http://code.google.com/p/chromium/issues/detail?id=37383

http://codereview.chromium.org/858001

http://flock.com/security/

http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://secunia.com/advisories/43068

http://src.chromium.org/viewvc/chrome?view=rev&revision=41244

http://www.vupen.com/english/advisories/2011/0212

https://bugs.webkit.org/show_bug.cgi?id=35948

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14067

Details

Source: MITRE

Published: 2010-04-01

Updated: 2017-09-19

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 4.1.249.1035 (inclusive)

Configuration 2

OR

cpe:2.3:a:flock:flock:3.0.0.4094:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
75629 | openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1) | Nessus | SuSE Local Security Checks | critical
53764 | openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1) | Nessus | SuSE Local Security Checks | critical
5364 | Google Chrome < 4.1.249.1036 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
45086 | Google Chrome < 4.1.249.1036 Multiple Vulnerabilities | Nessus | Windows | high