CVE-2010-3116

NameCVE-2010-3116
DescriptionMultiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)jessie (security), jessie57.0.2987.98-1~deb8u1fixed
stretch70.0.3538.110-1~deb9u1fixed
stretch (security)71.0.3578.80-1~deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)5.0.375.127~r55887-1high
webkitsource(unstable)1.2.5-1high

Notes

[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
http://trac.webkit.org/changeset/64293
https://bugs.webkit.org/show_bug.cgi?id=43147
https://bugs.webkit.org/show_bug.cgi?id=43888
http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series

Search for package or bug name: Reporting problems