CVE-2009-2816
Publication date 13 November 2009
Last updated 24 July 2024
Ubuntu priority
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
Status
Package | Ubuntu Release | Status |
---|---|---|
qt4-x11 | ||
webkit | ||
Notes
jdstrand
webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit