| Name | CVE-2010-2454 |
| Description | Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| chromium-browser | source | (unstable) | (not affected) | | | |
| webkit | source | (unstable) | (not affected) | | | |
Notes
- webkit <not-affected> (iceweasel/safari-specific issues)
- chromium-browser <not-affected> (iceweasel/safari-specific issues)
i tested both firefox and safari poc's, and neither of them caused the
address bar to be spoofed in either webkit or chrome
this will be address in iceweasel in cve-2010-1206