CVE Vulnerabilities

CVE-2009-1681

Published: Jun 10, 2009 | Modified: Feb 17, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct clickjacking attacks via a crafted HTML document.

Affected Software

Name Vendor Start Version End Version
Safari Apple 1.1 1.1
Safari Apple 1.3.1 1.3.1
Safari Apple 3.2.3 3.2.3
Safari Apple 2.0.2 2.0.2
Safari Apple 3.1 3.1
Safari Apple 3.1.2 3.1.2
Safari Apple 3.0 3.0
Safari Apple 0.8 0.8
Safari Apple 2.0 2.0
Safari Apple 3.0.4 3.0.4
Safari Apple 0.9 0.9
Safari Apple 3.0.3 3.0.3
Safari Apple 1.3.2 1.3.2
Safari Apple 1.2 1.2
Safari Apple * 4.0_beta
Safari Apple 3.2.1 3.2.1
Safari Apple 3.0.2 3.0.2
Safari Apple 2.0.4 2.0.4
Safari Apple 3.1.1 3.1.1
Safari Apple 1.0.3 1.0.3
Safari Apple 1.0 1.0
Safari Apple 1.3 1.3

References