CVE-2010-1386

Priority
Medium
Description
page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5
does not properly restrict access to the lastPosition function, which has
unspecified impact and remote attack vectors, aka rdar problem 7746357.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://www.ubuntu.com/usn/usn-1006-1
Bugs
https://bugs.webkit.org/show_bug.cgi?id=36255
Notes
jdstrand> qt4-x11 unmaintained upstream (see README.webkit for details)
jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
it, while qt4-x11 attempts to unify khtml and webkit.
mdeslaur> webkitkde is a wrapper around qt4-x11's webkit.
Assigned-to
micahg
Package
Source: webkit (LP Ubuntu Debian)
Upstream:released (1.2.3)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (1.2.5-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal):not-affected (1.2.4-1ubuntu1)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (1.2.4-1ubuntu1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.2.4-1ubuntu1)
Patches:
Upstream:http://trac.webkit.org/changeset/56188
Package
Source: qt4-x11 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):not-affected (no webkit)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (see notes)
Ubuntu 11.04 (Natty Narwhal):not-affected (webkit isn't built)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (webkit isn't built)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (webkit isn't built)
Package
Source: chromium-browser (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):ignored (uses its own embedded webkit)
Ubuntu 11.04 (Natty Narwhal):ignored (uses its own embedded webkit)
Ubuntu 11.10 (Oneiric Ocelot):ignored (uses its own embedded webkit)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (uses its own embedded webkit)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:52 UTC (commit 5347)