Описание
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | no webkit |
| devel | not-affected | 4.5.2-0ubuntu5 |
| hardy | not-affected | no webkit |
| intrepid | ignored | end of life, was needed |
| jaunty | ignored | end of life |
| karmic | not-affected | 4.5.2-0ubuntu5 |
| lucid | not-affected | 4.5.2-0ubuntu5 |
| maverick | not-affected | 4.5.2-0ubuntu5 |
| natty | not-affected | 4.5.2-0ubuntu5 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1.1.12-1ubuntu1 |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needed |
| jaunty | ignored | end of life |
| karmic | not-affected | 1.1.12-1ubuntu1 |
| lucid | not-affected | 1.1.12-1ubuntu1 |
| maverick | not-affected | 1.1.12-1ubuntu1 |
| natty | not-affected | 1.1.12-1ubuntu1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
4.3 Medium
CVSS2
Связанные уязвимости
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
4.3 Medium
CVSS2