Bug#520052: webkit: CVE-2008-4723 cross-site scripting vulnerability

Michael Gilbert michael.s.gilbert at gmail.com
Tue Mar 17 02:28:04 UTC 2009

package: libwebkit-1.0-1
severity: grave
tags: security

it has been found that webkit is vulnerable to a cross-site scripting
vulnerability, see CVE-2008-4723 [1].

note that certain extensions are protected and others are not.  for
example, the attack does not work for files with the jpg or txt
extension.  however, the attack seems to work for general extensions
such as odp, xls, etc (probably because webkit does not have a proper
download that would appropriately handle general extensions yet).

if you fix these vulnerabilities, please make sure to include the CVE
id in your changelog.  please contact the security team to coordinate
a fix for stable and/or if you have any questions.


[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4723

More information about the Pkg-webkit-maintainers mailing list