Vulnerability Details : CVE-2010-0051
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.
Products affected by CVE-2010-0051
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0051
- EPSS score: 2.40% (probability of exploitation activity in the next 30 days)
- Percentile: ~84% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2010-0051
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2010-0051
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0051
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
  Apple - Lists.apple.com
- http://support.apple.com/kb/HT4070
  About the security content of Safari 4.0.5 - Apple Support (Vendor Advisory)
- http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html
  Security: Generic cross-browser cross-domain theft
- http://secunia.com/advisories/43068
- http://osvdb.org/62944
- http://www.vupen.com/english/advisories/2010/2722
- http://www.vupen.com/english/advisories/2011/0212
- http://support.apple.com/kb/HT4456
  About the security content of iOS 4.2 - Apple Support
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56837
  Apple Safari stylesheet information disclosure CVE-2010-0051 Vulnerability Report
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
  Apple - Lists.apple.com (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2011:002
- http://www.ubuntu.com/usn/USN-1006-1
  USN-1006-1: WebKit vulnerabilities | Ubuntu security notices
- http://support.apple.com/kb/HT4225
  About the security content of iOS 4 - Apple Support
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7554
  Repository / Oval Repository
- http://secunia.com/advisories/41856
- http://www.securityfocus.com/bid/38671
  RETIRED: Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities (Patch)
- http://www.vupen.com/english/advisories/2011/0552
- http://websec.sv.cmu.edu/css/css.pdf
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
  mandriva.com
- http://code.google.com/p/chromium/issues/detail?id=9877
  9877 - Security: cross domain thefts via CSS string property injection - chromium - Monorail
- http://secunia.com/advisories/42314
- http://www.securitytracker.com/id?1023708
  Apple Safari WebKit Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
- http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
  Apple - Lists.apple.com