CVE-2009-1684 in Ubuntu

CVE-2009-1684

Priority

Description

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before
4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through
2.2.1 allows remote attackers to inject arbitrary web script or HTML via an
event handler that triggers script execution in the context of the next
loaded document.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1684

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535793

Assigned-to

micahg

Notes

jdstrand	webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur	code does not seem present in kde4libs

Package

Source: qt4-x11 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (4.5.2-0ubuntu5)

Patches:

Package

Source: webkit (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (1.1.12-1ubuntu1)

Patches:

Upstream:

http://trac.webkit.org/changeset/42365

More Information

Updated: 2022-02-10 23:37:18 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)