Bug#538402: CVE-2009-1724: Cross-site scripting (XSS) vulnerability in WebKit

Luciano Bello luciano at debian.org
Sat Jul 25 15:21:44 UTC 2009

Package: webkit
Version: 1.1.10-2
Severity: grave
Tags: security

the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.

| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari
| before 4.0.2 allows remote attackers to inject arbitrary web script or
| HTML via vectors related to parent and top objects.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1724
[1] http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/

More information about the Pkg-webkit-maintainers mailing list