CVE-2009-1713

Published: 10 June 2009

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

Priority

Medium

Status

Package Release Status
qt4-x11
Launchpad, Ubuntu, Debian 		Upstream Needs triage

webkit
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Patches:
Upstream: http://trac.webkit.org/changeset/34533

Notes

AuthorNote
jdstrand 
webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur 
code does not appear present in kde4libs

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading