CVE-2009-1710

WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browsers display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	*	4.0_beta (including)
Safari	Apple	0.8 (including)	0.8 (including)
Safari	Apple	0.9 (including)	0.9 (including)
Safari	Apple	1.0 (including)	1.0 (including)
Safari	Apple	1.0.3 (including)	1.0.3 (including)
Safari	Apple	1.1 (including)	1.1 (including)
Safari	Apple	1.2 (including)	1.2 (including)
Safari	Apple	1.3 (including)	1.3 (including)
Safari	Apple	1.3.1 (including)	1.3.1 (including)
Safari	Apple	1.3.2 (including)	1.3.2 (including)
Safari	Apple	2.0 (including)	2.0 (including)
Safari	Apple	2.0.2 (including)	2.0.2 (including)
Safari	Apple	2.0.4 (including)	2.0.4 (including)
Safari	Apple	3.0 (including)	3.0 (including)
Safari	Apple	3.0.2 (including)	3.0.2 (including)
Safari	Apple	3.0.3 (including)	3.0.3 (including)
Safari	Apple	3.0.4 (including)	3.0.4 (including)
Safari	Apple	3.1 (including)	3.1 (including)
Safari	Apple	3.1.1 (including)	3.1.1 (including)
Safari	Apple	3.1.2 (including)	3.1.2 (including)
Safari	Apple	3.2.1 (including)	3.2.1 (including)
Safari	Apple	3.2.3 (including)	3.2.3 (including)
Qt4-x11	Ubuntu	intrepid	*
Webkit	Ubuntu	hardy	*
Webkit	Ubuntu	intrepid	*
Webkit	Ubuntu	jaunty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-1710
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References