Bug 676209 (CVE-2011-0778)

Summary: CVE-2011-0778 WebKit: restrict cross-origin drag+drop in WebKit
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: huzaifas, kevin, martin.sourada, mathstuf, mtasaka, stransky, vkrizan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20110203,reported=20110203,source=google,cvss2=3.7/AV:L/AC:H/Au:N/C:P/I:P/A:P,rhel-6.0.z/webkitgtk=wontfix,fedora-13/webkitgtk=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-05 04:20:58 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 676213    
Bug Blocks: 806808    

Description Huzaifa S. Sidhpurwala 2011-02-08 23:24:08 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0778 to
the following vulnerability:

Name: CVE-2011-0778
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0778
Assigned: 20110204
Reference: CONFIRM:http://code.google.com/p/chromium/issues/detail?id=59081
Reference: CONFIRM:http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html

Google Chrome before 9.0.597.84 does not properly restrict drag and
drop operations, which might allow remote attackers to bypass the Same
Origin Policy via unspecified vectors.

This is fixed in webkitgtk 1.2.7
Comment 1 Huzaifa S. Sidhpurwala 2011-02-08 23:41:18 EST
Created webkitgtk tracking bugs for this issue

Affects: fedora-13 [bug 676213]