CVE-2010-0656

Currently unrated

Key Information:

Vendor: Apple
Status: Webkit; Chrome
Vendor: CVE Published:; 18 February 2010

Summary

WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://googlechromereleases.blogspot.com/2010/01/stable-c...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2010/2722

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Feb 18, 2010
Vulnerability Reserved
Feb 18, 2010