CVE-2010-5070 - Vulnerability Details

Vendors	Products
Apple	Safari

Link	Providers
http://w2spconf.com/2010/papers/p26.pdf

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264.  NOTE: this may overlap CVE-2010-5073."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-12-07T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://w2spconf.com/2010/papers/p26.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-5070", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264.  NOTE: this may overlap CVE-2010-5073."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://w2spconf.com/2010/papers/p26.pdf", "refsource": "MISC", "url": "http://w2spconf.com/2010/papers/p26.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:09:38.776Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://w2spconf.com/2010/papers/p26.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-5070", "datePublished": "2011-12-07T19:00:00Z", "dateReserved": "2011-12-07T00:00:00Z", "dateUpdated": "2024-09-17T01:51:02.646Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2011-12-07T19:00:00Z (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://w2spconf.com/2010/papers/p26.pdf (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2010-5070 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://w2spconf.com/2010/papers/p26.pdf (string)

refsource : MISC (string)

url : http://w2spconf.com/2010/papers/p26.pdf (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T04:09:38.776Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://w2spconf.com/2010/papers/p26.pdf (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2010-5070 (string)

datePublished : 2011-12-07T19:00:00Z (string)

dateReserved : 2011-12-07T00:00:00Z (string)

dateUpdated : 2024-09-17T01:51:02.646Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0:beta:*:*:*:*:*:*", "matchCriteriaId": "9DC87F61-3463-468A-BF0B-070816BBC3CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*", "matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "36EA71E0-63F7-46FF-AF11-792741F27628", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "80E36485-565D-4FAA-A6AD-57DF42D47462", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "73E9C17F-C99E-4ABB-B312-31F87BC0C0E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "46D8318A-9383-42A7-9A6A-2EB2736338B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "79DC6C51-CEEA-4CBF-87D2-8007B7C3D67F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7B6AD89-D60C-4C8F-A9E6-4380A6B8DB13", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B2451165-7831-426E-BA07-B3A57F3589C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "211A142A-CB1E-48DC-AEA1-096F3E750063", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264.  NOTE: this may overlap CVE-2010-5073."}, {"lang": "es", "value": "La ejecuci\u00f3n de JavaScript en Apple Safari v4, no restringe adecuadamente el conjunto de valores contenidos en el objeto devuelto por el m\u00e9todo getComputedStyle, lo que permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las p\u00e1ginas web visitadas por llamar a este m\u00e9todo. Una vulnerabilidad diferente de CVE-2010-2264. Esto puede solaparse con CVE-2010-5073."}], "id": "CVE-2010-5070", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-12-07T19:55:01.423", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://w2spconf.com/2010/papers/p26.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://w2spconf.com/2010/papers/p26.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apple:safari:4.0:beta:*:*:*:*:*:* (string)

matchCriteriaId : 9DC87F61-3463-468A-BF0B-070816BBC3CA (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:* (string)

matchCriteriaId : 02EAC196-AE43-4787-9AF9-E79E2E1BBA46 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 36EA71E0-63F7-46FF-AF11-792741F27628 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 80E36485-565D-4FAA-A6AD-57DF42D47462 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 73E9C17F-C99E-4ABB-B312-31F87BC0C0E8 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 46D8318A-9383-42A7-9A6A-2EB2736338B7 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 79DC6C51-CEEA-4CBF-87D2-8007B7C3D67F (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C7B6AD89-D60C-4C8F-A9E6-4380A6B8DB13 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : B2451165-7831-426E-BA07-B3A57F3589C5 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:apple:safari:4.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 211A142A-CB1E-48DC-AEA1-096F3E750063 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073. (string)

}

1 : { »

lang : es (string)

value : La ejecución de JavaScript en Apple Safari v4, no restringe adecuadamente el conjunto de valores contenidos en el objeto devuelto por el método getComputedStyle, lo que permite a atacantes remotos obtener información sensible acerca de las páginas web visitadas por llamar a este método. Una vulnerabilidad diferente de CVE-2010-2264. Esto puede solaparse con CVE-2010-5073. (string)

}

]

id : CVE-2010-5070 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2011-12-07T19:55:01.423 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

]

url : http://w2spconf.com/2010/papers/p26.pdf (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

]

url : http://w2spconf.com/2010/papers/p26.pdf (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-264 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object