CVE-2010-3115

NameCVE-2010-3115
DescriptionGoogle Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)
Debian Bugs599830

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)jessie (security), jessie57.0.2987.98-1~deb8u1fixed
stretch70.0.3538.110-1~deb9u1fixed
stretch (security)71.0.3578.80-1~deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)5.0.375.127~r55887-1high
webkitsource(unstable)1.2.5-1high599830

Notes

[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
http://trac.webkit.org/changeset/63925
http://trac.webkit.org/changeset/64077
only partially fixed: only 64077 applied in 1.2.4-1

Search for package or bug name: Reporting problems