QwikSec

Security Database

CVE

CWE

Training

CVE-2010-3813

Published: Nov 20, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_MANDRIVA

FEDORA-2011-0121

vendor-advisory

x_refsource_FEDORA

https://bugzilla.redhat.com/show_bug.cgi?id=667024

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

http://trac.webkit.org/changeset/63622

x_refsource_MISC

http://support.apple.com/kb/HT4455

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

oval:org.mitre.oval:def:12293

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_SECUNIA

SUSE-SR:2011:002

vendor-advisory

x_refsource_SUSE

APPLE-SA-2010-11-18-1

vendor-advisory

x_refsource_APPLE

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_VUPEN

http://support.apple.com/kb/HT4456

x_refsource_CONFIRM

https://bugs.webkit.org/show_bug.cgi?id=42500

x_refsource_MISC

APPLE-SA-2010-11-22-1

vendor-advisory

x_refsource_APPLE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.