Access Restriction Bypass The advisory has been revoked - it doesn't affect any version of package qt4-x11  (opens in a new tab)


Threat Intelligence

EPSS
0.56% (78th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU1510-QT4X11-662685
  • published10 Sept 2020
  • disclosed22 Nov 2010

Introduced: 22 Nov 2010

CVE-2010-3813  (opens in a new tab)
CWE-264  (opens in a new tab)

Amendment

The Ubuntu security team deemed this advisory irrelevant for Ubuntu:15.10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream qt4-x11 package and not the qt4-x11 package as distributed by Ubuntu.

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.