CVE-2009-1714 in Ubuntu

CVE-2009-1714

Priority

Description

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in
Apple Safari before 4.0 allows user-assisted remote attackers to inject
arbitrary web script or HTML, and read local files, via vectors related to
the improper escaping of HTML attributes.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1714

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535793

Assigned-to

micahg

Notes

jdstrand	webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur	code does not appear present in kde4libs webkit code is different in hardy-jaunty...need to test

Package

Source: qt4-x11 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (4.5.2-0ubuntu5)

Patches:

Package

Source: webkit (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (1.1.12-1ubuntu1)

Patches:

Upstream:

http://trac.webkit.org/changeset/36359

More Information

Updated: 2022-02-10 23:37:23 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)