AppleCVELIST:CVE-2010-3813CVE-2010-3813
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.
References
lists.apple.com/archives/security-announce/2010//Nov/msg00002.html
lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html
lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
secunia.com/advisories/42314
secunia.com/advisories/43068
secunia.com/advisories/43086
support.apple.com/kb/HT4455
support.apple.com/kb/HT4456
trac.webkit.org/changeset/63622
www.mandriva.com/security/advisories?name=MDVSA-2011:039
www.redhat.com/support/errata/RHSA-2011-0177.html
www.vupen.com/english/advisories/2010/3046
www.vupen.com/english/advisories/2011/0212
www.vupen.com/english/advisories/2011/0216
www.vupen.com/english/advisories/2011/0552
bugs.webkit.org/show_bug.cgi?id=42500
bugzilla.redhat.com/show_bug.cgi?id=667024
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12293
Related
