Bug#520052: webkit: CVE-2008-4723 cross-site scripting vulnerability
mh at glandium.org
Tue Mar 17 06:34:22 UTC 2009
On Mon, Mar 16, 2009 at 10:28:04PM -0400, Michael Gilbert wrote:
> package: libwebkit-1.0-1
> severity: grave
> tags: security
> it has been found that webkit is vulnerable to a cross-site scripting
> vulnerability, see CVE-2008-4723 .
> note that certain extensions are protected and others are not. for
> example, the attack does not work for files with the jpg or txt
> extension. however, the attack seems to work for general extensions
> such as odp, xls, etc (probably because webkit does not have a proper
> download that would appropriately handle general extensions yet).
> if you fix these vulnerabilities, please make sure to include the CVE
> id in your changelog. please contact the security team to coordinate
> a fix for stable and/or if you have any questions.
>  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4723
This sounds very exagerated. Basically, what happens is that browsers
don't care about the file extension when dealing with these, and "sniff"
the real content. But in the end, the so-called attack could be done
with an http server serving .jpeg files with a text/html mime type.
Nothing new, and nothing that sounds like a real security threat.
More information about the Pkg-webkit-maintainers