CVE-2009-1713

Published: 10 June 2009

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

Priority

Medium

Status

Package Release Status
qt4-x11
Launchpad, Ubuntu, Debian
Upstream Needs triage

webkit
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Upstream: http://trac.webkit.org/changeset/34533

Notes

AuthorNote
jdstrand
webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur
code does not appear present in kde4libs

References

Bugs