CVE-2010-1386

Priority
Medium
Description
page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5
does not properly restrict access to the lastPosition function, which has
unspecified impact and remote attack vectors, aka rdar problem 7746357.
References
Bugs
Notes
 jdstrand> qt4-x11 unmaintained upstream (see README.webkit for details)
 jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
  it, while qt4-x11 attempts to unify khtml and webkit.
 mdeslaur> webkitkde is a wrapper around qt4-x11's webkit.
Assigned-to
micahg
Package
Upstream:released (1.2.3)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.2.4-1ubuntu1)
Patches:
Upstream:http://trac.webkit.org/changeset/56188
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (webkit isn't built)
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):ignored (uses its own embedded webkit)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:38:18 UTC (commit 9756)