CVE-2010-5070

Published: Dec 7, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073.

Affected (12)

Products: Apple: Safari

Apple

1 product

Safari

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Version 4.0.0b
Apple Safari	Version 4.0.1
Apple Safari	Version 4.0.2
Apple Safari	Version 4.0.3
Apple Safari	Version 4.0.4
Apple Safari	Version 4.0.5
Apple Safari	Version 4.0
Apple Safari	Version 4.0 beta
Apple Safari	Version 4.1.1
Apple Safari	Version 4.1.2
Apple Safari	Version 4.1.3
Apple Safari	Version 4.1

Related CWEs

CWE-264

References (2)

http://w2spconf.com/2010/papers/p26.pdf

Source: cve@mitre.org

Exploit

http://w2spconf.com/2010/papers/p26.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.