PublicDateAtUSN: 2010-11-22
Candidate: CVE-2010-3813
PublicDate: 2010-11-22 13:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
 https://ubuntu.com/security/notices/USN-1195-1
Description:
 The WebCore::HTMLLinkElement::process function in
 WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before
 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS
 X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify
 whether DNS prefetching is enabled when processing an HTML LINK element,
 which allows remote attackers to bypass intended access restrictions, as
 demonstrated by an HTML e-mail message that uses a LINK element for
 X-Confirm-Reading-To functionality.
Ubuntu-Description:
Notes:
 jdstrand> qt4-x11 unmaintained upstream (see README.webkit for details)
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_webkit:
upstream_webkit: released (1.2.6)
dapper_webkit: DNE
hardy_webkit: ignored (reached end-of-life)
karmic_webkit: ignored (reached end-of-life)
lucid_webkit: released (1.2.7-0ubuntu0.10.04.1)
maverick_webkit: released (1.2.7-0ubuntu0.10.10.1)
natty_webkit: not-affected
oneiric_webkit: not-affected
precise_webkit: not-affected
quantal_webkit: not-affected
raring_webkit: not-affected
saucy_webkit: not-affected
trusty_webkit: DNE
trusty/esm_webkit: DNE
utopic_webkit: DNE
vivid_webkit: DNE
vivid/stable-phone-overlay_webkit: DNE
vivid/ubuntu-core_webkit: DNE
wily_webkit: DNE
xenial_webkit: DNE
yakkety_webkit: DNE
devel_webkit: DNE

Patches_webkitgtk:
upstream_webkitgtk: needs-triage
lucid_webkitgtk: DNE
precise_webkitgtk: DNE
quantal_webkitgtk: DNE
saucy_webkitgtk: DNE
trusty_webkitgtk: not-affected (2.4.8-1ubuntu1~ubuntu14.04.1)
trusty/esm_webkitgtk: DNE (trusty was not-affected [2.4.8-1ubuntu1~ubuntu14.04.1])
utopic_webkitgtk: ignored (reached end-of-life)
vivid_webkitgtk: ignored (reached end-of-life)
vivid/stable-phone-overlay_webkitgtk: DNE
vivid/ubuntu-core_webkitgtk: DNE
wily_webkitgtk: not-affected (2.4.9-2ubuntu2)
xenial_webkitgtk: not-affected (2.4.9-2ubuntu2)
yakkety_webkitgtk: not-affected (2.4.9-2ubuntu2)
devel_webkitgtk: not-affected (2.4.9-2ubuntu2)

Patches_qt4-x11:
upstream_qt4-x11: needs-triage
dapper_qt4-x11: not-affected (no webkit)
hardy_qt4-x11: not-affected (no webkit)
karmic_qt4-x11: ignored (reached end-of-life)
lucid_qt4-x11: ignored (see notes)
maverick_qt4-x11: not-affected (webkit isn't built)
natty_qt4-x11: not-affected (webkit isn't built)
oneiric_qt4-x11: not-affected (webkit isn't built)
precise_qt4-x11: not-affected (webkit isn't built)
quantal_qt4-x11: not-affected (webkit isn't built)
raring_qt4-x11: not-affected (webkit isn't built)
saucy_qt4-x11: not-affected (webkit isn't built)
trusty_qt4-x11: not-affected (webkit isn't built)
trusty/esm_qt4-x11: not-affected (webkit isn't built)
utopic_qt4-x11: not-affected (webkit isn't built)
vivid_qt4-x11: not-affected (webkit isn't built)
vivid/stable-phone-overlay_qt4-x11: DNE
vivid/ubuntu-core_qt4-x11: DNE
wily_qt4-x11: not-affected (webkit isn't built)
xenial_qt4-x11: not-affected (webkit isn't built)
esm-infra/xenial_qt4-x11: not-affected (webkit isn't built)
yakkety_qt4-x11: not-affected (webkit isn't built)
devel_qt4-x11: not-affected (webkit isn't built)

Patches_qtwebkit-source:
upstream_qtwebkit-source: needs-triage
dapper_qtwebkit-source: DNE
hardy_qtwebkit-source: DNE
karmic_qtwebkit-source: DNE
lucid_qtwebkit-source: DNE
maverick_qtwebkit-source: ignored (reached end-of-life)
natty_qtwebkit-source: ignored (reached end-of-life)
oneiric_qtwebkit-source: ignored (reached end-of-life)
precise_qtwebkit-source: ignored (no update available)
quantal_qtwebkit-source: ignored (reached end-of-life)
raring_qtwebkit-source: ignored (reached end-of-life)
saucy_qtwebkit-source: ignored (reached end-of-life)
trusty_qtwebkit-source: ignored (no update available)
trusty/esm_qtwebkit-source: DNE (trusty was ignored [no update available])
utopic_qtwebkit-source: ignored (reached end-of-life)
vivid_qtwebkit-source: ignored (reached end-of-life)
vivid/stable-phone-overlay_qtwebkit-source: DNE
vivid/ubuntu-core_qtwebkit-source: DNE
wily_qtwebkit-source: ignored (reached end-of-life)
xenial_qtwebkit-source: ignored (no update available)
yakkety_qtwebkit-source: ignored (no update available)
devel_qtwebkit-source: ignored (no update available)