FreeBSD Ports: webkit-gtk2

Information

Severity: Critical

Family: FreeBSD Local Security Checks

CVSSv2 Base: 10.0

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type: Vendor Patch

Created: 13 years ago

Modified: 6 years ago

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Insight

The following package is affected: webkit-gtk2

CVE-2010-1780: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.

CVE-2010-1807: WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2, and Android before 2.2, does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

CVE-2010-1812: Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.

CVE-2010-1814: WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.

CVE-2010-1815: Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

CVE-2010-3113: Google Chrome before 5.0.375.127 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2010-3114: The text-editing implementation in Google Chrome before 5.0.375.127 does not properly perform casts, which has unspecified impact and attack vectors.

CVE-2010-3115: Google Chrome before 5.0.375.127 does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.

CVE-2010-3116: Google Chrome before 5.0.375.127 does not properly process MIME types, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2010-3257: Google Chrome before 6.0.472.53 does not properly perform focus handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a 'stale pointer' issue.

CVE-2010-3259: Google Chrome before 6.0.472.53 does not properly restrict read access to images, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information via unspecified vectors.

Solution

Update your system with the appropriate patches or software upgrades.

http://gitorious.org/webkitgtk/stable/blobs/master/WebKit/gtk/NEWS

http://www.vuxml.org/freebsd/e5090d2a-dbbe-11df-82f8-0015f2db7bde.html