CVE-2010-3829

WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.

Affected Software

Name	Vendor	Start Version	End Version
Iphone_os	Apple	*	4.1 (including)
Iphone_os	Apple	1.0.0 (including)	1.0.0 (including)
Iphone_os	Apple	1.0.1 (including)	1.0.1 (including)
Iphone_os	Apple	1.0.2 (including)	1.0.2 (including)
Iphone_os	Apple	1.1.0 (including)	1.1.0 (including)
Iphone_os	Apple	1.1.1 (including)	1.1.1 (including)
Iphone_os	Apple	1.1.2 (including)	1.1.2 (including)
Iphone_os	Apple	1.1.3 (including)	1.1.3 (including)
Iphone_os	Apple	1.1.4 (including)	1.1.4 (including)
Iphone_os	Apple	1.1.5 (including)	1.1.5 (including)
Iphone_os	Apple	2.0 (including)	2.0 (including)
Iphone_os	Apple	2.0.0 (including)	2.0.0 (including)
Iphone_os	Apple	2.0.1 (including)	2.0.1 (including)
Iphone_os	Apple	2.0.2 (including)	2.0.2 (including)
Iphone_os	Apple	2.1 (including)	2.1 (including)
Iphone_os	Apple	2.1.1 (including)	2.1.1 (including)
Iphone_os	Apple	2.2 (including)	2.2 (including)
Iphone_os	Apple	2.2.1 (including)	2.2.1 (including)
Iphone_os	Apple	3.0 (including)	3.0 (including)
Iphone_os	Apple	3.0.1 (including)	3.0.1 (including)
Iphone_os	Apple	3.1 (including)	3.1 (including)
Iphone_os	Apple	3.1.2 (including)	3.1.2 (including)
Iphone_os	Apple	3.1.3 (including)	3.1.3 (including)
Iphone_os	Apple	3.2 (including)	3.2 (including)
Iphone_os	Apple	3.2.1 (including)	3.2.1 (including)
Iphone_os	Apple	3.2.2 (including)	3.2.2 (including)
Iphone_os	Apple	4.0 (including)	4.0 (including)
Iphone_os	Apple	4.0.1 (including)	4.0.1 (including)
Iphone_os	Apple	4.0.2 (including)	4.0.2 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-3829
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References