CVE-2010-2454

NameCVE-2010-2454
DescriptionApple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)(not affected)
webkitsource(unstable)(not affected)

Notes

- webkit <not-affected> (iceweasel/safari-specific issues)
- chromium-browser <not-affected> (iceweasel/safari-specific issues)
i tested both firefox and safari poc's, and neither of them caused the
address bar to be spoofed in either webkit or chrome
this will be address in iceweasel in cve-2010-1206
Search for package or bug name: Reporting problems