New Search

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822 as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112 does not properly handle whitespace at the beginning of a URL which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL as demonstrated by a \x00javascript:alert sequence.

oval:org.mitre.oval:def:14067

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822 as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112 does not properly handle whitespace at the beginning of a URL which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL as demonstrated by a \x00javascript:alert sequence.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Vista
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2010-1236
Product(s):
  • Google Chrome