CVE-2010-1761

Priority
Low
Description
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS
X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via vectors involving HTML document subtrees.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://www.ubuntu.com/usn/usn-1006-1
Bugs
https://bugs.webkit.org/show_bug.cgi?id=37760
Notes
jdstrand> qt4-x11 unmaintained upstream (see README.webkit for details)
jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
it, while qt4-x11 attempts to unify khtml and webkit.
mdeslaur> webkitkde is a wrapper around qt4-x11's webkit.
Assigned-to
micahg
Package
Source: webkit (LP Ubuntu Debian)
Upstream:released (1.2.3)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (1.2.5-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal):not-affected (1.2.4-1ubuntu1)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (1.2.4-1ubuntu1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.2.4-1ubuntu1)
Patches:
Upstream:http://trac.webkit.org/changeset/59263
Package
Source: qt4-x11 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):not-affected (no webkit)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (see notes)
Ubuntu 11.04 (Natty Narwhal):not-affected (webkit isn't built)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (webkit isn't built)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (webkit isn't built)
Package
Source: chromium-browser (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):ignored (uses its own embedded webkit)
Ubuntu 11.04 (Natty Narwhal):ignored (uses its own embedded webkit)
Ubuntu 11.10 (Oneiric Ocelot):ignored (uses its own embedded webkit)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (uses its own embedded webkit)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:58 UTC (commit 5347)