CVE-2010-1772
Publication date 24 September 2010
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.
Status
Package | Ubuntu Release | Status |
---|---|---|
chromium-browser | 11.10 oneiric |
Not affected
|
11.04 natty |
Not affected
|
|
10.10 maverick |
Not affected
|
|
10.04 LTS lucid |
Fixed 6.0.472.62~r59676-0ubuntu0.10.04.1
|
|
9.10 karmic | Not in release | |
9.04 jaunty | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Not in release | |
qt4-x11 | 11.10 oneiric |
Not affected
|
11.04 natty |
Not affected
|
|
10.10 maverick |
Not affected
|
|
10.04 LTS lucid | Ignored end of life | |
9.10 karmic | Ignored end of life | |
9.04 jaunty | Ignored end of life | |
8.04 LTS hardy |
Not affected
|
|
6.06 LTS dapper |
Not affected
|
|
webkit | 11.10 oneiric |
Not affected
|
11.04 natty |
Not affected
|
|
10.10 maverick |
Not affected
|
|
10.04 LTS lucid |
Fixed 1.2.5-0ubuntu0.10.04.1
|
|
9.10 karmic |
Fixed 1.2.5-0ubuntu0.9.10.1
|
|
9.04 jaunty | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
6.06 LTS dapper | Not in release |
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |