WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
Max CVSS
5.0
EPSS Score
3.96%
Published
2010-01-14
Updated
2017-09-19
1 vulnerabilities found