CVE-2010-3813 Information

Description

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element which allows remote attackers to bypass intended access restrictions as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.

Reference

http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://secunia.com/advisories/43086 http://support.apple.com/kb/HT4455 http://support.apple.com/kb/HT4456 http://trac.webkit.org/changeset/63622 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.redhat.com/support/errata/RHSA-2011-0177.html http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2011/0212 http://www.vupen.com/english/advisories/2011/0216 http://www.vupen.com/english/advisories/2011/0552 https://bugs.webkit.org/show_bug.cgi?id=42500 https://bugzilla.redhat.com/show_bug.cgi?id=667024 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12293