CVE-2010-3116

NameCVE-2010-3116
DescriptionMultiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)5.0.375.127~r55887-1
webkitsource(unstable)1.2.5-1

Notes

[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
http://trac.webkit.org/changeset/64293
https://bugs.webkit.org/show_bug.cgi?id=43147
https://bugs.webkit.org/show_bug.cgi?id=43888
http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series

Search for package or bug name: Reporting problems