CVE-2009-2200

Publication date 12 August 2009

Last updated 24 July 2024


Ubuntu priority

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

Read the notes from the security team

Status

Package Ubuntu Release Status
kde4libs 9.04 jaunty Ignored end of life, was needs-triage
8.10 intrepid Ignored end of life, was needs-triage
8.04 LTS hardy Ignored end of life, was needs-triage
6.06 LTS dapper Not in release
kdelibs 9.04 jaunty Ignored end of life, was needs-triage
8.10 intrepid Ignored end of life, was needs-triage
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Ignored end of life
qt4-x11 9.04 jaunty Ignored end of life, was needs-triage
8.10 intrepid Ignored end of life, was needs-triage
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Ignored end of life, was needs-triage
webkit 9.04 jaunty Ignored end of life, was needs-triage
8.10 intrepid Ignored end of life, was needs-triage
8.04 LTS hardy Ignored end of life, was needs-triage
6.06 LTS dapper Not in release

Notes


mdeslaur

appears to be mac/win specific

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
webkit