CVE-2010-1416

Published: Jun 11, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."

Affected (8)

Products: Apple: Safari, Webkit

2 products

Configuration A

32 platform

Running on/with	Platform Versions
Apple Mac Os X	Version 10.5.0
Apple Mac Os X	Version 10.5.1
Apple Mac Os X	Version 10.5.2
Apple Mac Os X	Version 10.5.3
Apple Mac Os X	Version 10.5.4
Apple Mac Os X	Version 10.5.5
Apple Mac Os X	Version 10.5.6
Apple Mac Os X	Version 10.5.7
Apple Mac Os X	Version 10.5.8
Apple Mac Os X	Version 10.5
Apple Mac Os X	Version 10.6.0
Apple Mac Os X	Version 10.6.1
Apple Mac Os X	Version 10.6.2
Apple Mac Os X	Version 10.6.3
Apple Mac Os X Server	Version 10.5.0
Apple Mac Os X Server	Version 10.5.1
Apple Mac Os X Server	Version 10.5.2
Apple Mac Os X Server	Version 10.5.3
Apple Mac Os X Server	Version 10.5.4
Apple Mac Os X Server	Version 10.5.5
Apple Mac Os X Server	Version 10.5.6
Apple Mac Os X Server	Version 10.5.7
Apple Mac Os X Server	Version 10.5.8
Apple Mac Os X Server	Version 10.5
Apple Mac Os X Server	Version 10.6.0
Apple Mac Os X Server	Version 10.6.1
Apple Mac Os X Server	Version 10.6.2
Apple Mac Os X Server	Version 10.6.3
Microsoft Windows 7	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Configuration B

8 vulnerable · 26 platform

Vulnerable Software	Affected Versions
Apple Safari	Up to 4.0.5
Apple Safari	Version 4.0.0b
Apple Safari	Version 4.0.1
Apple Safari	Version 4.0.2
Apple Safari	Version 4.0.3
Apple Safari	Version 4.0.4
Apple Safari	Version 4.0
Apple Webkit	All versions

Running on/with	Platform Versions
Apple Mac Os X	Version 10.4.0
Apple Mac Os X	Version 10.4.10
Apple Mac Os X	Version 10.4.11
Apple Mac Os X	Version 10.4.1
Apple Mac Os X	Version 10.4.2
Apple Mac Os X	Version 10.4.3
Apple Mac Os X	Version 10.4.4
Apple Mac Os X	Version 10.4.5
Apple Mac Os X	Version 10.4.6
Apple Mac Os X	Version 10.4.7
Apple Mac Os X	Version 10.4.8
Apple Mac Os X	Version 10.4.9
Apple Mac Os X	Version 10.4
Apple Mac Os X Server	Version 10.4.0
Apple Mac Os X Server	Version 10.4.10
Apple Mac Os X Server	Version 10.4.11
Apple Mac Os X Server	Version 10.4.1
Apple Mac Os X Server	Version 10.4.2
Apple Mac Os X Server	Version 10.4.3
Apple Mac Os X Server	Version 10.4.4
Apple Mac Os X Server	Version 10.4.5
Apple Mac Os X Server	Version 10.4.6
Apple Mac Os X Server	Version 10.4.7
Apple Mac Os X Server	Version 10.4.8
Apple Mac Os X Server	Version 10.4.9
Apple Mac Os X Server	Version 10.4

Related CWEs

References (48)

http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html

Source: product-security@apple.com

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Source: product-security@apple.com

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: product-security@apple.com

http://secunia.com/advisories/40105

Source: product-security@apple.com

Vendor Advisory

http://secunia.com/advisories/40196

Source: product-security@apple.com

http://secunia.com/advisories/41856

Source: product-security@apple.com

http://secunia.com/advisories/42314

Source: product-security@apple.com

http://secunia.com/advisories/43068

Source: product-security@apple.com

http://securitytracker.com/id?1024067

Source: product-security@apple.com

http://support.apple.com/kb/HT4196

Source: product-security@apple.com

Vendor Advisory

http://support.apple.com/kb/HT4220

Source: product-security@apple.com

http://support.apple.com/kb/HT4225

Source: product-security@apple.com

http://support.apple.com/kb/HT4456

Source: product-security@apple.com

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: product-security@apple.com

http://www.securityfocus.com/bid/40620

Source: product-security@apple.com

Patch

http://www.ubuntu.com/usn/USN-1006-1

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2010/1373

Source: product-security@apple.com

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/1512

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2010/2722

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0212

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0552

Source: product-security@apple.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7401

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40105

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/40196

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/41856

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42314

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1024067

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4196

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT4220

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4225

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4456

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/40620

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.ubuntu.com/usn/USN-1006-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1373

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/1512

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2722

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0552

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7401

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.