Bug 655971 - VUL-1: libwebkit: remote bypass of pop-up blocker
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
unspecified
Other Other
: P3 - Medium : Major
Assigned To: E-mail List
Security Team bot
Reported: 2010-11-25 12:35 UTC by Thomas Biege
Modified: 2011-01-06 22:57 UTC (History)

Found By: Development
Description Thomas Biege 2010-11-25 12:35:19 UTC
Hi.
There is a security bug in package 'libwebkit'.

This bug is public.

There is no coordinated release date (CRD) set.

More information can be found here:
	https://bugzilla.redhat.com/show_bug.cgi?id=657099

CVE number: CVE-2010-4037
CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4037
CVSS v2 Base Score: 3.7 (moderate) (AV:L/AC:H/Au:N/C:P/I:P/A:P)
Insufficient Information (CWE-noinfo)


Original posting:


https://bugzilla.redhat.com/show_bug.cgi?id=657099

Vincent Danen 2010-11-24 17:02:20 EST

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4037 to
the following vulnerability:


Name: CVE-2010-4037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4037
Assigned: 20101021
Reference: CONFIRM: http://code.google.com/p/chromium/issues/detail?id=53002
Reference: CONFIRM: http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html
Reference: BID:44241
Reference: URL: http://www.securityfocus.com/bid/44241
Reference: SECUNIA:41888
Reference: URL: http://secunia.com/advisories/41888
Reference: VUPEN:ADV-2010-2731
Reference: URL: http://www.vupen.com/english/advisories/2010/2731

Unspecified vulnerability in Google Chrome before 7.0.517.41 allows
remote attackers to bypass the pop-up blocker via unknown vectors.


It is unclear to me as of yet whether this does affect webkitgtk; the code
looks like it may be applicable but due to how Chrome handles things
differently, it is possible this is Chrome-specific.  It needs further
investigation.

Additional references:

Bugzilla: https://bugs.webkit.org/show_bug.cgi?id=45369
Trac: http://trac.webkit.org/changeset/67716
Comment 1 Thomas Biege 2010-11-29 14:54:28 UTC
P5->P3 mass change
Comment 2 Vincent Untz 2011-01-03 15:19:45 UTC
This code does not seem to be in webkit-gtk 1.2.x, so the issue won't affect 11.3 and earlier.

The code is in Factory, but it already features a fixed version (the fix changed a bit later, so the changeset mentioned here is not really a good indicator, see http://trac.webkit.org/changeset/69924/trunk/WebCore/loader/NavigationScheduler.cpp).