Lucene search
Ubuntu.comUB:CVE-2009-2841HistoryNov 13, 2009 - 12:00 a.m.
CVE-2009-2841
2009-11-1300:00:00
ubuntu.com
ubuntu.com
5
0.006 Low
EPSS
Percentile
78.3%
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in
WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on
Mac OS X, does not perform the expected callbacks for HTML 5 media elements
that have external URLs for media resources, which allows remote attackers
to trigger sub-resource requests to arbitrary web sites via a crafted HTML
document, as demonstrated by an HTML e-mail message that uses a media
element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.
Notes
| Author | Note |
|---|---|
| jdstrand | webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit |
Related
seebug
seebug
WebKit资源装载回调信息泄漏漏洞
2009-11-16 00:00:00
Safari 4.0.4版本修复多个安全漏洞
2009-11-13 00:00:00
cve
cve
CVE-2009-2841
2009-11-13 15:30:00
debiancve
debiancve
CVE-2009-2841
2009-11-13 15:30:00
prion
prion
Design/Logic Flaw
2009-11-13 15:30:00
cvelist
cvelist
CVE-2009-2841
2009-11-13 15:00:00
nessus
nessus
Fedora 13 : qt-4.6.3-8.fc13 (2010-11011)
2010-07-14 00:00:00
Fedora 12 : qt-4.6.3-8.fc12 (2010-11020)
2010-07-14 00:00:00
Mac OS X : Apple Safari < 4.0.4
2009-11-12 00:00:00
threatpost
threatpost
Apple Plugs Critical iPhone Security Holes
2010-02-02 19:05:36
Apple Patches Critical Safari Vulnerabilities
2009-11-11 21:45:09
openvas
openvas
Fedora Update for qt FEDORA-2010-11011
2010-07-16 00:00:00
Fedora Update for qt FEDORA-2010-11011
2010-07-16 00:00:00
Fedora Update for qt FEDORA-2010-11020
2010-07-16 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: qt-4.6.3-8.fc13
2010-07-13 07:40:16
[SECURITY] Fedora 12 Update: qt-4.6.3-8.fc12
2010-07-13 07:43:47