WebKit, as used in Apple Safari prior to 4.1.3 and 5.0.x prior to 5.0.3, Google Chrome prior to 6.0.472.53, and webkitgtk prior to 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote malicious users to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
webkitgtk webkitgtk |
||
apple safari |
||
apple iphone os |
||
canonical ubuntu linux 9.10 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 10.10 |