CVE-2009-1696
Published: 10 June 2009
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.
Notes
| Author | Note |
|---|---|
| jdstrand | webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit |
| mdeslaur | code doesn't seem present in kde4libs |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
qt4-x11 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(no webkit)
|
| hardy |
Not vulnerable
(no webkit)
|
|
| intrepid |
Not vulnerable
(code not present)
|
|
| jaunty |
Not vulnerable
(4.5.0-0ubuntu4.2)
|
|
| upstream |
Needs triage
|
|
|
webkit Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Not vulnerable
(code not present)
|
|
| intrepid |
Not vulnerable
(code not present)
|
|
| jaunty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://trac.webkit.org/changeset/39510 upstream: http://trac.webkit.org/changeset/39553 |
||