CVE-2009-1684: XSS
First published: Wed Jun 10 2009(Updated: )
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Mobile Safari | =1.1 | |
| Apple Mobile Safari | =1.3.1 | |
| Apple Mobile Safari | =3.2.3 | |
| Apple Mobile Safari | =2.0.2 | |
| Apple Mobile Safari | =3.1 | |
| Apple Mobile Safari | =3.1.2 | |
| Apple Mobile Safari | =3.0 | |
| Apple Mobile Safari | =0.8 | |
| Apple Mobile Safari | =2.0 | |
| Apple Mobile Safari | =3.0.4 | |
| Apple Mobile Safari | =0.9 | |
| Apple Mobile Safari | =3.0.3 | |
| Apple Mobile Safari | =1.3.2 | |
| Apple Mobile Safari | =1.2 | |
| Apple Mobile Safari | <=4.0_beta | |
| Apple Mobile Safari | =3.2.1 | |
| Apple Mobile Safari | =3.0.2 | |
| Apple Mobile Safari | =2.0.4 | |
| Apple Mobile Safari | =3.1.1 | |
| Apple Mobile Safari | =1.0.3 | |
| Apple Mobile Safari | =1.0 | |
| Apple Mobile Safari | =1.3 | |
| Apple Mobile Safari | =3.2 | |
| Apple Mobile Safari | =3.0.1 | |
| Apple Mobile Safari | =3.1.2 | |
| Apple Mobile Safari | <=3.2.3 | |
| Apple Mobile Safari | =3.0.3 | |
| Apple Mobile Safari | =3.0.2 | |
| Apple Mobile Safari | =3.1.1 | |
| Apple Mobile Safari | =3.0 | |
| Apple Mobile Safari | =3.1 | |
| Apple Mobile Safari | =3.2.2 | |
| Apple Mobile Safari | =3.2.1 | |
| Apple Mobile Safari | =3.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2009/1522
- http://support.apple.com/kb/HT3613
- http://securitytracker.com/id?1022344
- http://secunia.com/advisories/35379
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://www.securityfocus.com/bid/35260
- http://osvdb.org/54987
- http://www.vupen.com/english/advisories/2009/1621
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://support.apple.com/kb/HT3639
- http://secunia.com/advisories/37746
- http://www.debian.org/security/2009/dsa-1950
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43068
- http://www.vupen.com/english/advisories/2011/0212
Frequently Asked Questions
What is the severity of CVE-2009-1684?
CVE-2009-1684 has been rated as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2009-1684?
To fix CVE-2009-1684, update Apple Safari to version 4.0 or later, which addresses this vulnerability.
What systems are affected by CVE-2009-1684?
CVE-2009-1684 affects Apple Safari versions prior to 4.0 on both macOS and Windows platforms.
What kind of attacks can exploit CVE-2009-1684?
CVE-2009-1684 can be exploited to perform cross-site scripting attacks, allowing attackers to inject arbitrary web scripts.
Is there any workaround for CVE-2009-1684?
There are no known workarounds for CVE-2009-1684; updating to a secure version is the recommended action.
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple mobile safari
- version/apple mobile safari/1.1
- version/apple mobile safari/1.3.1
- version/apple mobile safari/3.2.3
- version/apple mobile safari/2.0.2
- version/apple mobile safari/3.1
- version/apple mobile safari/3.1.2
- version/apple mobile safari/3.0
- version/apple mobile safari/0.8
- version/apple mobile safari/2.0
- version/apple mobile safari/3.0.4
- version/apple mobile safari/0.9
- version/apple mobile safari/3.0.3
- version/apple mobile safari/1.3.2
- version/apple mobile safari/1.2
- version/apple mobile safari/4.0_beta
- version/apple mobile safari/3.2.1
- version/apple mobile safari/3.0.2
- version/apple mobile safari/2.0.4
- version/apple mobile safari/3.1.1
- version/apple mobile safari/1.0.3
- version/apple mobile safari/1.0
- version/apple mobile safari/1.3
- version/apple mobile safari/3.2
- version/apple mobile safari/3.0.1
- version/apple mobile safari/3.2.2