CVE-2009-1688: XSS
First published: Wed Jun 10 2009(Updated: )
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | =1.1 | |
| Apple Safari | =1.3.1 | |
| Apple Safari | =3.2.3 | |
| Apple Safari | =2.0.2 | |
| Apple Safari | =3.1 | |
| Apple Safari | =3.1.2 | |
| Apple Safari | =3.0 | |
| Apple Safari | =0.8 | |
| Apple Safari | =2.0 | |
| Apple Safari | =3.0.4 | |
| Apple Safari | =0.9 | |
| Apple Safari | =3.0.3 | |
| Apple Safari | =1.3.2 | |
| Apple Safari | =1.2 | |
| Apple Safari | <=4.0_beta | |
| Apple Safari | =3.2.1 | |
| Apple Safari | =3.0.2 | |
| Apple Safari | =2.0.4 | |
| Apple Safari | =3.1.1 | |
| Apple Safari | =1.0.3 | |
| Apple Safari | =1.0 | |
| Apple Safari | =1.3 | |
| Apple Safari | =3.2 | |
| Apple Safari | =3.0.1 | |
| Apple Safari | =3.1.2 | |
| Apple Safari | <=3.2.3 | |
| Apple Safari | =3.0.3 | |
| Apple Safari | =3.0.2 | |
| Apple Safari | =3.1.1 | |
| Apple Safari | =3.0 | |
| Apple Safari | =3.1 | |
| Apple Safari | =3.2.2 | |
| Apple Safari | =3.2.1 | |
| Apple Safari | =3.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/35379
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://securitytracker.com/id?1022344
- http://www.securityfocus.com/bid/35260
- http://www.vupen.com/english/advisories/2009/1522
- http://support.apple.com/kb/HT3613
- http://osvdb.org/54986
- http://support.apple.com/kb/HT3639
- http://www.securityfocus.com/bid/35320
- http://www.vupen.com/english/advisories/2009/1621
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://secunia.com/advisories/43068
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.vupen.com/english/advisories/2011/0212
Frequently Asked Questions
What is the severity of CVE-2009-1688?
The severity of CVE-2009-1688 is typically classified as moderate due to the potential for cross-site scripting attacks.
How do I fix CVE-2009-1688?
To fix CVE-2009-1688, users should update Apple Safari to version 4.0 or later as it addresses this vulnerability.
What versions of Safari are affected by CVE-2009-1688?
CVE-2009-1688 affects Apple Safari versions before 4.0, including various older versions across Mac and Windows operating systems.
What types of attacks can exploit CVE-2009-1688?
CVE-2009-1688 can be exploited to perform cross-site scripting (XSS) attacks, allowing attackers to inject arbitrary web scripts or HTML.
Is CVE-2009-1688 still a risk today?
Since CVE-2009-1688 affects outdated versions of Safari that are no longer supported, it poses a risk primarily to users who do not update their browser.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/apple
- canonical/apple safari
- version/apple safari/1.1
- version/apple safari/1.3.1
- version/apple safari/3.2.3
- version/apple safari/2.0.2
- version/apple safari/3.1
- version/apple safari/3.1.2
- version/apple safari/3.0
- version/apple safari/0.8
- version/apple safari/2.0
- version/apple safari/3.0.4
- version/apple safari/0.9
- version/apple safari/3.0.3
- version/apple safari/1.3.2
- version/apple safari/1.2
- version/apple safari/4.0_beta
- version/apple safari/3.2.1
- version/apple safari/3.0.2
- version/apple safari/2.0.4
- version/apple safari/3.1.1
- version/apple safari/1.0.3
- version/apple safari/1.0
- version/apple safari/1.3
- version/apple safari/3.2
- version/apple safari/3.0.1
- version/apple safari/3.2.2