New Search

WebKit as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier does not prevent capture of data about the time required for image loading which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code as demonstrated by visipisi.

oval:org.mitre.oval:def:14098

WebKit as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier does not prevent capture of data about the time required for image loading which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code as demonstrated by visipisi.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows XP
  • Microsoft Windows 7
  • Microsoft Windows 2000
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008
  • Microsoft Windows Vista
Class:
vulnerability
Reference(s):
  • CVE-2011-4692
Product(s):
  • Apple Safari
  • Google Chrome