CVE-2009-1681

Priority
Description
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone
OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading
third-party content into a subframe, which allows remote attackers to
bypass the Same Origin Policy and conduct "clickjacking" attacks via a
crafted HTML document.
Assigned-to
micahg
Notes
jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur> code doesn't seem present in kdelibs.
this code implements X-FRAME-OPTIONS (in ie8, not in firefox)
this is new functionality
Package
Upstream: needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish): not-affected (4.5.2-0ubuntu5)
Patches:
Package
Upstream: needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish): not-affected (1.1.12-1ubuntu1)
Patches:
Upstream: http://trac.webkit.org/changeset/42333

Updated: 2022-02-10 23:37:18 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)