CVE-2010-3813

Priority
Description
The WebCore::HTMLLinkElement::process function in
WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before
5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS
X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify
whether DNS prefetching is enabled when processing an HTML LINK element,
which allows remote attackers to bypass intended access restrictions, as
demonstrated by an HTML e-mail message that uses a LINK element for
X-Confirm-Reading-To functionality.
Notes
jdstrandqt4-x11 unmaintained upstream (see README.webkit for details)
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [webkit isn't built])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (webkit isn't built)
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [no update available])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (no update available)
Package
Upstream:released (1.2.6)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [2.4.8-1ubuntu1~ubuntu14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.4.9-2ubuntu2)
More Information

Updated: 2019-12-05 20:55:49 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)