CVE-2009-1703

Upstream information

CVE-2009-1703 at MITRE

Description

WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	7.1
Vector	AV:N/AC:M/Au:N/C:C/I:N/A:N
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	None
Availability Impact	None

SUSE Bugzilla entry: 601349 [RESOLVED]

SUSE Security Advisories:

• SUSE-SR:2011:002, published Tue, 25 Jan 2011 11:00:00 +0000
• openSUSE-SU-2011:0024-1, published Wed, 12 Jan 2011 16:08:25 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.2	libwebkit-1_0-2-debuginfo >= 1.2.6-0.5.1 libwebkit-debugsource >= 1.2.6-0.5.1 webkit-jsc-debuginfo >= 1.2.6-0.5.1
openSUSE 11.2	libwebkit-1_0-2 >= 1.2.6-0.5.1 libwebkit-devel >= 1.2.6-0.5.1 libwebkit-lang >= 1.2.6-0.5.1 webkit-jsc >= 1.2.6-0.5.1
openSUSE 11.3	libwebkit-1_0-2-debuginfo >= 1.2.6-0.2.1 libwebkit-1_0-2-debuginfo-32bit >= 1.2.6-0.2.1 libwebkit-debugsource >= 1.2.6-0.2.1 webkit-jsc-debuginfo >= 1.2.6-0.2.1
openSUSE 11.3	libwebkit-1_0-2 >= 1.2.6-0.2.1 libwebkit-1_0-2-32bit >= 1.2.6-0.2.1 libwebkit-devel >= 1.2.6-0.2.1 libwebkit-lang >= 1.2.6-0.2.1 webkit-jsc >= 1.2.6-0.2.1