CVE-2009-1724

NameCVE-2009-1724
DescriptionCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs538402

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kde4libs (PTS)jessie, jessie (lts)4:4.14.2-5+deb8u3vulnerable
stretch (lts), stretch4:4.14.26-2+deb9u1vulnerable
buster4:4.14.38-3vulnerable
qt4-x11 (PTS)jessie, jessie (lts)4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u5fixed
stretch (security)4:4.8.7+dfsg-11+deb9u3fixed
stretch (lts), stretch4:4.8.7+dfsg-11+deb9u4fixed
buster (security), buster, buster (lts)4:4.8.7+dfsg-18+deb10u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kde4libssource(unstable)(unfixed)unimportant
kdelibssource(unstable)(unfixed)unimportant
qt4-x11sourceetch(not affected)
qt4-x11source(unstable)(not affected)
webkitsource(unstable)1.1.13-1low538402

Notes

- qt4-x11 <not-affected> (bug #538403)
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/

Search for package or bug name: Reporting problems