CVE-2009-1695 in Ubuntu

CVE-2009-1695

Priority

Description

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before
4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through
2.2.1 allows remote attackers to inject arbitrary web script or HTML via
vectors involving access to frame contents after completion of a page
transition.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1695

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535793

Assigned-to

micahg

Notes

jdstrand	webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur	code doesn't seem present in kde4libs code is different in hardy-jaunty, need to check with regression tests.

Package

Source: qt4-x11 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (4.5.2-0ubuntu5)

Patches:

Package

Source: webkit (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (1.1.12-1ubuntu1)

Patches:

Upstream:

http://trac.webkit.org/changeset/42223

More Information

Updated: 2022-02-10 23:37:20 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)