Vulnerability Details CVE-2010-1236
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.5%
CVSS Severity
CVSS v2 Score 4.3
References
- http://code.google.com/p/chromium/issues/detail?id=37383
- http://codereview.chromium.org/858001
- http://flock.com/security/
- http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43068
- http://src.chromium.org/viewvc/chrome?view=rev&revision=41244
- http://www.vupen.com/english/advisories/2011/0212
- https://bugs.webkit.org/show_bug.cgi?id=35948
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14067
- http://code.google.com/p/chromium/issues/detail?id=37383
- http://codereview.chromium.org/858001
- http://flock.com/security/
- http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43068
- http://src.chromium.org/viewvc/chrome?view=rev&revision=41244
- http://www.vupen.com/english/advisories/2011/0212
- https://bugs.webkit.org/show_bug.cgi?id=35948
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14067
Products affected by CVE-2010-1236
-
cpe:2.3:a:flock:flock:3.0.0.4094
-
cpe:2.3:a:google:chrome:-
-
cpe:2.3:a:google:chrome:0.1.38.1
-
cpe:2.3:a:google:chrome:0.1.38.2
-
cpe:2.3:a:google:chrome:0.1.38.4
-
cpe:2.3:a:google:chrome:0.1.40.1
-
cpe:2.3:a:google:chrome:0.1.42.2
-
cpe:2.3:a:google:chrome:0.1.42.3
-
cpe:2.3:a:google:chrome:0.2.149.27
-
cpe:2.3:a:google:chrome:0.2.149.29
-
cpe:2.3:a:google:chrome:0.2.149.30
-
cpe:2.3:a:google:chrome:0.2.152.1
-
cpe:2.3:a:google:chrome:0.2.153.1
-
cpe:2.3:a:google:chrome:0.3.154.0
-
cpe:2.3:a:google:chrome:0.3.154.3
-
cpe:2.3:a:google:chrome:0.4.154.18
-
cpe:2.3:a:google:chrome:0.4.154.22
-
cpe:2.3:a:google:chrome:0.4.154.31
-
cpe:2.3:a:google:chrome:0.4.154.33
-
cpe:2.3:a:google:chrome:1.0.154.36
-
cpe:2.3:a:google:chrome:1.0.154.39
-
cpe:2.3:a:google:chrome:1.0.154.42
-
cpe:2.3:a:google:chrome:1.0.154.43
-
cpe:2.3:a:google:chrome:1.0.154.46
-
cpe:2.3:a:google:chrome:1.0.154.48
-
cpe:2.3:a:google:chrome:1.0.154.52
-
cpe:2.3:a:google:chrome:1.0.154.53
-
cpe:2.3:a:google:chrome:1.0.154.59
-
cpe:2.3:a:google:chrome:1.0.154.64
-
cpe:2.3:a:google:chrome:1.0.154.65
-
cpe:2.3:a:google:chrome:2.0.156.1
-
cpe:2.3:a:google:chrome:2.0.157.0
-
cpe:2.3:a:google:chrome:2.0.157.2
-
cpe:2.3:a:google:chrome:2.0.158.0
-
cpe:2.3:a:google:chrome:2.0.159.0
-
cpe:2.3:a:google:chrome:2.0.169.0
-
cpe:2.3:a:google:chrome:2.0.169.1
-
cpe:2.3:a:google:chrome:2.0.170.0
-
cpe:2.3:a:google:chrome:2.0.172
-
cpe:2.3:a:google:chrome:2.0.172.2
-
cpe:2.3:a:google:chrome:2.0.172.27
-
cpe:2.3:a:google:chrome:2.0.172.28
-
cpe:2.3:a:google:chrome:2.0.172.30
-
cpe:2.3:a:google:chrome:2.0.172.31
-
cpe:2.3:a:google:chrome:2.0.172.33
-
cpe:2.3:a:google:chrome:2.0.172.37
-
cpe:2.3:a:google:chrome:2.0.172.38
-
cpe:2.3:a:google:chrome:2.0.172.43
-
cpe:2.3:a:google:chrome:2.0.172.8
-
cpe:2.3:a:google:chrome:3.0
-
cpe:2.3:a:google:chrome:3.0.182.2
-
cpe:2.3:a:google:chrome:3.0.190.2
-
cpe:2.3:a:google:chrome:3.0.193.2
-
cpe:2.3:a:google:chrome:3.0.195.2
-
cpe:2.3:a:google:chrome:3.0.195.21
-
cpe:2.3:a:google:chrome:3.0.195.24
-
cpe:2.3:a:google:chrome:3.0.195.25
-
cpe:2.3:a:google:chrome:3.0.195.27
-
cpe:2.3:a:google:chrome:3.0.195.32
-
cpe:2.3:a:google:chrome:3.0.195.33
-
cpe:2.3:a:google:chrome:3.0.195.36
-
cpe:2.3:a:google:chrome:3.0.195.37
-
cpe:2.3:a:google:chrome:3.0.195.38
-
cpe:2.3:a:google:chrome:4.0.212.0
-
cpe:2.3:a:google:chrome:4.0.212.1
-
cpe:2.3:a:google:chrome:4.0.221.8
-
cpe:2.3:a:google:chrome:4.0.222.0
-
cpe:2.3:a:google:chrome:4.0.222.1
-
cpe:2.3:a:google:chrome:4.0.222.12
-
cpe:2.3:a:google:chrome:4.0.222.5
-
cpe:2.3:a:google:chrome:4.0.223.0
-
cpe:2.3:a:google:chrome:4.0.223.1
-
cpe:2.3:a:google:chrome:4.0.223.2
-
cpe:2.3:a:google:chrome:4.0.223.4
-
cpe:2.3:a:google:chrome:4.0.223.5
-
cpe:2.3:a:google:chrome:4.0.223.7
-
cpe:2.3:a:google:chrome:4.0.223.8
-
cpe:2.3:a:google:chrome:4.0.223.9
-
cpe:2.3:a:google:chrome:4.0.224.0
-
cpe:2.3:a:google:chrome:4.0.229.1
-
cpe:2.3:a:google:chrome:4.0.235.0
-
cpe:2.3:a:google:chrome:4.0.236.0
-
cpe:2.3:a:google:chrome:4.0.237.0
-
cpe:2.3:a:google:chrome:4.0.237.1
-
cpe:2.3:a:google:chrome:4.0.239.0
-
cpe:2.3:a:google:chrome:4.0.240.0
-
cpe:2.3:a:google:chrome:4.0.241.0
-
cpe:2.3:a:google:chrome:4.0.242.0
-
cpe:2.3:a:google:chrome:4.0.243.0
-
cpe:2.3:a:google:chrome:4.0.244.0
-
cpe:2.3:a:google:chrome:4.0.245.0
-
cpe:2.3:a:google:chrome:4.0.245.1
-
cpe:2.3:a:google:chrome:4.0.246.0
-
cpe:2.3:a:google:chrome:4.0.247.0
-
cpe:2.3:a:google:chrome:4.0.248.0
-
cpe:2.3:a:google:chrome:4.0.249.0
-
cpe:2.3:a:google:chrome:4.0.249.1
-
cpe:2.3:a:google:chrome:4.0.249.10
-
cpe:2.3:a:google:chrome:4.0.249.11
-
cpe:2.3:a:google:chrome:4.0.249.12
-
cpe:2.3:a:google:chrome:4.0.249.14
-
cpe:2.3:a:google:chrome:4.0.249.16
-
cpe:2.3:a:google:chrome:4.0.249.17
-
cpe:2.3:a:google:chrome:4.0.249.18
-
cpe:2.3:a:google:chrome:4.0.249.19
-
cpe:2.3:a:google:chrome:4.0.249.2
-
cpe:2.3:a:google:chrome:4.0.249.20
-
cpe:2.3:a:google:chrome:4.0.249.21
-
cpe:2.3:a:google:chrome:4.0.249.22
-
cpe:2.3:a:google:chrome:4.0.249.23
-
cpe:2.3:a:google:chrome:4.0.249.24
-
cpe:2.3:a:google:chrome:4.0.249.25
-
cpe:2.3:a:google:chrome:4.0.249.26
-
cpe:2.3:a:google:chrome:4.0.249.27
-
cpe:2.3:a:google:chrome:4.0.249.28
-
cpe:2.3:a:google:chrome:4.0.249.29
-
cpe:2.3:a:google:chrome:4.0.249.3
-
cpe:2.3:a:google:chrome:4.0.249.30
-
cpe:2.3:a:google:chrome:4.0.249.31
-
cpe:2.3:a:google:chrome:4.0.249.32
-
cpe:2.3:a:google:chrome:4.0.249.33
-
cpe:2.3:a:google:chrome:4.0.249.34
-
cpe:2.3:a:google:chrome:4.0.249.35
-
cpe:2.3:a:google:chrome:4.0.249.36
-
cpe:2.3:a:google:chrome:4.0.249.37
-
cpe:2.3:a:google:chrome:4.0.249.38
-
cpe:2.3:a:google:chrome:4.0.249.39
-
cpe:2.3:a:google:chrome:4.0.249.4
-
cpe:2.3:a:google:chrome:4.0.249.40
-
cpe:2.3:a:google:chrome:4.0.249.41
-
cpe:2.3:a:google:chrome:4.0.249.42
-
cpe:2.3:a:google:chrome:4.0.249.43
-
cpe:2.3:a:google:chrome:4.0.249.44
-
cpe:2.3:a:google:chrome:4.0.249.45
-
cpe:2.3:a:google:chrome:4.0.249.46
-
cpe:2.3:a:google:chrome:4.0.249.47
-
cpe:2.3:a:google:chrome:4.0.249.48
-
cpe:2.3:a:google:chrome:4.0.249.49
-
cpe:2.3:a:google:chrome:4.0.249.5
-
cpe:2.3:a:google:chrome:4.0.249.50
-
cpe:2.3:a:google:chrome:4.0.249.51
-
cpe:2.3:a:google:chrome:4.0.249.52
-
cpe:2.3:a:google:chrome:4.0.249.53
-
cpe:2.3:a:google:chrome:4.0.249.54
-
cpe:2.3:a:google:chrome:4.0.249.55
-
cpe:2.3:a:google:chrome:4.0.249.56
-
cpe:2.3:a:google:chrome:4.0.249.57
-
cpe:2.3:a:google:chrome:4.0.249.58
-
cpe:2.3:a:google:chrome:4.0.249.59
-
cpe:2.3:a:google:chrome:4.0.249.6
-
cpe:2.3:a:google:chrome:4.0.249.60
-
cpe:2.3:a:google:chrome:4.0.249.61
-
cpe:2.3:a:google:chrome:4.0.249.62
-
cpe:2.3:a:google:chrome:4.0.249.63
-
cpe:2.3:a:google:chrome:4.0.249.64
-
cpe:2.3:a:google:chrome:4.0.249.65
-
cpe:2.3:a:google:chrome:4.0.249.66
-
cpe:2.3:a:google:chrome:4.0.249.67
-
cpe:2.3:a:google:chrome:4.0.249.68
-
cpe:2.3:a:google:chrome:4.0.249.69
-
cpe:2.3:a:google:chrome:4.0.249.7
-
cpe:2.3:a:google:chrome:4.0.249.70
-
cpe:2.3:a:google:chrome:4.0.249.71
-
cpe:2.3:a:google:chrome:4.0.249.72
-
cpe:2.3:a:google:chrome:4.0.249.73
-
cpe:2.3:a:google:chrome:4.0.249.74
-
cpe:2.3:a:google:chrome:4.0.249.75
-
cpe:2.3:a:google:chrome:4.0.249.76
-
cpe:2.3:a:google:chrome:4.0.249.77
-
cpe:2.3:a:google:chrome:4.0.249.78
-
cpe:2.3:a:google:chrome:4.0.249.79
-
cpe:2.3:a:google:chrome:4.0.249.8
-
cpe:2.3:a:google:chrome:4.0.249.80
-
cpe:2.3:a:google:chrome:4.0.249.81
-
cpe:2.3:a:google:chrome:4.0.249.82
-
cpe:2.3:a:google:chrome:4.0.249.89
-
cpe:2.3:a:google:chrome:4.0.249.9
-
cpe:2.3:a:google:chrome:4.0.250.0
-
cpe:2.3:a:google:chrome:4.0.250.2
-
cpe:2.3:a:google:chrome:4.0.251.0
-
cpe:2.3:a:google:chrome:4.0.252.0
-
cpe:2.3:a:google:chrome:4.0.254.0
-
cpe:2.3:a:google:chrome:4.0.255.0
-
cpe:2.3:a:google:chrome:4.0.256.0
-
cpe:2.3:a:google:chrome:4.0.257.0
-
cpe:2.3:a:google:chrome:4.0.258.0
-
cpe:2.3:a:google:chrome:4.0.259.0
-
cpe:2.3:a:google:chrome:4.0.260.0
-
cpe:2.3:a:google:chrome:4.0.261.0
-
cpe:2.3:a:google:chrome:4.0.262.0
-
cpe:2.3:a:google:chrome:4.0.263.0
-
cpe:2.3:a:google:chrome:4.0.264.0
-
cpe:2.3:a:google:chrome:4.0.265.0
-
cpe:2.3:a:google:chrome:4.0.266.0
-
cpe:2.3:a:google:chrome:4.0.267.0
-
cpe:2.3:a:google:chrome:4.0.268.0
-
cpe:2.3:a:google:chrome:4.0.269.0
-
cpe:2.3:a:google:chrome:4.0.271.0
-
cpe:2.3:a:google:chrome:4.0.272.0
-
cpe:2.3:a:google:chrome:4.0.275.0
-
cpe:2.3:a:google:chrome:4.0.275.1
-
cpe:2.3:a:google:chrome:4.0.276.0
-
cpe:2.3:a:google:chrome:4.0.277.0
-
cpe:2.3:a:google:chrome:4.0.278.0
-
cpe:2.3:a:google:chrome:4.0.286.0
-
cpe:2.3:a:google:chrome:4.0.287.0
-
cpe:2.3:a:google:chrome:4.0.288.0
-
cpe:2.3:a:google:chrome:4.0.288.1
-
cpe:2.3:a:google:chrome:4.0.289.0
-
cpe:2.3:a:google:chrome:4.0.290.0
-
cpe:2.3:a:google:chrome:4.0.292.0
-
cpe:2.3:a:google:chrome:4.0.294.0
-
cpe:2.3:a:google:chrome:4.0.295.0
-
cpe:2.3:a:google:chrome:4.0.296.0
-
cpe:2.3:a:google:chrome:4.0.299.0
-
cpe:2.3:a:google:chrome:4.0.300.0
-
cpe:2.3:a:google:chrome:4.0.301.0
-
cpe:2.3:a:google:chrome:4.0.302.0
-
cpe:2.3:a:google:chrome:4.0.302.1
-
cpe:2.3:a:google:chrome:4.0.302.2
-
cpe:2.3:a:google:chrome:4.0.302.3
-
cpe:2.3:a:google:chrome:4.0.303.0
-
cpe:2.3:a:google:chrome:4.0.304.0
-
cpe:2.3:a:google:chrome:4.0.305.0
-
cpe:2.3:a:google:chrome:4.1
-
cpe:2.3:a:google:chrome:4.1.249.0
-
cpe:2.3:a:google:chrome:4.1.249.1001
-
cpe:2.3:a:google:chrome:4.1.249.1004
-
cpe:2.3:a:google:chrome:4.1.249.1006
-
cpe:2.3:a:google:chrome:4.1.249.1007
-
cpe:2.3:a:google:chrome:4.1.249.1008
-
cpe:2.3:a:google:chrome:4.1.249.1009
-
cpe:2.3:a:google:chrome:4.1.249.1010
-
cpe:2.3:a:google:chrome:4.1.249.1011
-
cpe:2.3:a:google:chrome:4.1.249.1012
-
cpe:2.3:a:google:chrome:4.1.249.1013
-
cpe:2.3:a:google:chrome:4.1.249.1014
-
cpe:2.3:a:google:chrome:4.1.249.1015
-
cpe:2.3:a:google:chrome:4.1.249.1016
-
cpe:2.3:a:google:chrome:4.1.249.1017
-
cpe:2.3:a:google:chrome:4.1.249.1018
-
cpe:2.3:a:google:chrome:4.1.249.1019
-
cpe:2.3:a:google:chrome:4.1.249.1020
-
cpe:2.3:a:google:chrome:4.1.249.1021
-
cpe:2.3:a:google:chrome:4.1.249.1022
-
cpe:2.3:a:google:chrome:4.1.249.1023
-
cpe:2.3:a:google:chrome:4.1.249.1024
-
cpe:2.3:a:google:chrome:4.1.249.1025
-
cpe:2.3:a:google:chrome:4.1.249.1026
-
cpe:2.3:a:google:chrome:4.1.249.1027
-
cpe:2.3:a:google:chrome:4.1.249.1028
-
cpe:2.3:a:google:chrome:4.1.249.1029
-
cpe:2.3:a:google:chrome:4.1.249.1030
-
cpe:2.3:a:google:chrome:4.1.249.1031
-
cpe:2.3:a:google:chrome:4.1.249.1032
-
cpe:2.3:a:google:chrome:4.1.249.1033
-
cpe:2.3:a:google:chrome:4.1.249.1034
-
cpe:2.3:a:google:chrome:4.1.249.1035