CVE-2010-2454 - Vulnerability Details - OpenCVE

Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Safari

Configuration 1 [-]

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html
https://bugzilla.mozilla.org/show_bug.cgi?id=556957
https://exchange.xforce.ibmcloud.com/vulnerabilities/59830

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-06-25T19:00:00

Updated: 2024-08-07T02:32:16.636Z

Reserved: 2010-06-25T00:00:00

Link: CVE-2010-2454

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-06-25T19:30:01.670

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-2454

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=556957"}, {"tags": ["x_refsource_MISC"], "url": "http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html"}, {"name": "safari-html-spoofing(59830)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59830"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2454", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=556957", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=556957"}, {"name": "http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html", "refsource": "MISC", "url": "http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html"}, {"name": "safari-html-spoofing(59830)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59830"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:32:16.636Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=556957"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html"}, {"name": "safari-html-spoofing(59830)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59830"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2454", "datePublished": "2010-06-25T19:00:00", "dateReserved": "2010-06-25T00:00:00", "dateUpdated": "2024-08-07T02:32:16.636Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206."}, {"lang": "es", "value": "Apple Safari no dirige maneja adecuadamente la barra de direcci\u00f3n entre la petici\u00f3n para abrir una URL y recuperar el contenido de nuevos documentos, lo que puede permitir a atacantes remotos conducir ataques spoofing a trav\u00e9s de un documento HTML manipulado,relacionado con el comportamiento de CVE-2010-1206."}], "id": "CVE-2010-2454", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-06-25T19:30:01.670", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=556957"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=556957"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59830"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}