WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Iphone_os | Apple | 1.0.0 (including) | 1.0.0 (including) |
| Iphone_os | Apple | 1.0.1 (including) | 1.0.1 (including) |
| Iphone_os | Apple | 1.0.2 (including) | 1.0.2 (including) |
| Iphone_os | Apple | 1.1.0 (including) | 1.1.0 (including) |
| Iphone_os | Apple | 1.1.1 (including) | 1.1.1 (including) |
| Iphone_os | Apple | 1.1.2 (including) | 1.1.2 (including) |
| Iphone_os | Apple | 1.1.3 (including) | 1.1.3 (including) |
| Iphone_os | Apple | 1.1.4 (including) | 1.1.4 (including) |
| Iphone_os | Apple | 1.1.5 (including) | 1.1.5 (including) |
| Iphone_os | Apple | 2.0 (including) | 2.0 (including) |
| Iphone_os | Apple | 2.0.0 (including) | 2.0.0 (including) |
| Iphone_os | Apple | 2.0.1 (including) | 2.0.1 (including) |
| Iphone_os | Apple | 2.0.2 (including) | 2.0.2 (including) |
| Iphone_os | Apple | 2.1 (including) | 2.1 (including) |
| Iphone_os | Apple | 2.1.1 (including) | 2.1.1 (including) |
| Iphone_os | Apple | 2.2 (including) | 2.2 (including) |
| Iphone_os | Apple | 2.2.1 (including) | 2.2.1 (including) |
| Qt4-x11 | Ubuntu | intrepid | * |
| Qt4-x11 | Ubuntu | jaunty | * |
| Webkit | Ubuntu | hardy | * |
| Webkit | Ubuntu | intrepid | * |
| Webkit | Ubuntu | jaunty | * |