CVE-2010-3259

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

• CWE-200

• http://code.google.com/p/chromium/issues/detail?id=53001Patch, Vendor Advisory
• http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.htmlVendor Advisory
• http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.htmlMailing List, Third Party Advisory
• http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlMailing List, Third Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlMailing List, Third Party Advisory
• http://secunia.com/advisories/41856Third Party Advisory
• http://secunia.com/advisories/42314Third Party Advisory
• http://secunia.com/advisories/43068Third Party Advisory
• http://secunia.com/advisories/43086Third Party Advisory
• http://support.apple.com/kb/HT4455Third Party Advisory
• http://support.apple.com/kb/HT4456Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:039Third Party Advisory
• http://www.redhat.com/support/errata/RHSA-2011-0177.htmlThird Party Advisory
• http://www.securityfocus.com/bid/44206Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-1006-1Third Party Advisory
• http://www.vupen.com/english/advisories/2010/2722Third Party Advisory
• http://www.vupen.com/english/advisories/2010/3046Third Party Advisory
• http://www.vupen.com/english/advisories/2011/0212Third Party Advisory
• http://www.vupen.com/english/advisories/2011/0216Third Party Advisory
• http://www.vupen.com/english/advisories/2011/0552Third Party Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11221Third Party Advisory
• https://technet.microsoft.com/library/security/msvr11-002Broken Link
• http://code.google.com/p/chromium/issues/detail?id=53001Patch, Vendor Advisory
• http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.htmlVendor Advisory
• http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.htmlMailing List, Third Party Advisory
• http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlMailing List, Third Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlMailing List, Third Party Advisory
• http://secunia.com/advisories/41856Third Party Advisory
• http://secunia.com/advisories/42314Third Party Advisory
• http://secunia.com/advisories/43068Third Party Advisory
• http://secunia.com/advisories/43086Third Party Advisory
• http://support.apple.com/kb/HT4455Third Party Advisory
• http://support.apple.com/kb/HT4456Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:039Third Party Advisory
• http://www.redhat.com/support/errata/RHSA-2011-0177.htmlThird Party Advisory
• http://www.securityfocus.com/bid/44206Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-1006-1Third Party Advisory
• http://www.vupen.com/english/advisories/2010/2722Third Party Advisory
• http://www.vupen.com/english/advisories/2010/3046Third Party Advisory
• http://www.vupen.com/english/advisories/2011/0212Third Party Advisory
• http://www.vupen.com/english/advisories/2011/0216Third Party Advisory
• http://www.vupen.com/english/advisories/2011/0552Third Party Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11221Third Party Advisory
• https://technet.microsoft.com/library/security/msvr11-002Broken Link

Published

Sep 7, 2010

Last Modified

Jun 16, 2026

Status

Modified