CVE-2009-1686

Priority
Medium
Description
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone
OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka
const) declarations in a type-conversion operation during JavaScript
exception handling, which allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption and application crash) via
a crafted HTML document.
References
Bugs
Notes
 jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
  it, while qt4-x11 attempts to unify khtml and webkit
 mdeslaur> code doesn't seem present in kde4libs
 mdeslaur> code not present in webkit in intrepid+
 mdeslaur> code is different in hardy, need to check with test case
 mdeslaur> in qt4-x11, code doesn't seem present
Assigned-to
micahg
Package
Upstream:needs-triage
Patches:
Upstream:http://trac.webkit.org/changeset/31431
Package
Upstream:needs-triage
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:35:49 UTC (commit 9756)