CVE-2010-3259 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-3259 Interim 1 5 2023-12-09T01:55:38Z current 2021-05-30T12:53:13Z 2023-12-09T01:55:38Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-3259 WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C2VK7FPKD3ZEG555N25GLTFTZJJB237A/#C2VK7FPKD3ZEG555N25GLTFTZJJB237A E-Mail link for SUSE-SR:2011:002 https://www.suse.com/support/security/rating/ SUSE Security Ratings WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. CVE-2010-3259 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N