← Back

CVE-2009-2841

nvd nist
Published: Nov 13, 2009Modified: Apr 23, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

Affected (68)

Products: Apple: Safari
Apple
1 product
Safari
Configuration A
68 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Apple
Safari
Up to 4.0.3
Safari
Version 0.8
Safari
Version 0.9
Safari
Version 1.0.0
Safari
Version 1.0.0b1
Safari
Version 1.0.0b2
Safari
Version 1.0.1
Safari
Version 1.0.2
Safari
Version 1.0.3
Safari
Version 1.0
Safari
Version 1.0 beta2
Safari
Version 1.0 beta
Safari
Version 1.1.0
Safari
Version 1.1.1
Safari
Version 1.2.0
Safari
Version 1.2.1
Safari
Version 1.2.2
Safari
Version 1.2.3
Safari
Version 1.2.4
Safari
Version 1.2.5
Safari
Version 1.2
Safari
Version 1.3.0
Safari
Version 1.3.1
Safari
Version 1.3.2
Safari
Version 1.3
Safari
Version 2.0.0
Safari
Version 2.0.1
Safari
Version 2.0.2
Safari
Version 2.0.3
Safari
Version 2.0.3 417.8
Safari
Version 2.0.3 417.9.2
Safari
Version 2.0.3 417.9.3
Safari
Version 2.0.3 417.9
Safari
Version 2.0.3_417.9.3
Safari
Version 2.0.4
Safari
Version 2.0.4_419.3
Safari
Version 2.0
Safari
Version 2.0_pre
Safari
Version 2
Safari
Version 3.0.0
Safari
Version 3.0.0b
Safari
Version 3.0.1
Safari
Version 3.0.1 beta
Safari
Version 3.0.1b
Safari
Version 3.0.2
Safari
Version 3.0.2b
Safari
Version 3.0.3
Safari
Version 3.0.3b
Safari
Version 3.0.4
Safari
Version 3.0.4_beta
Safari
Version 3.0.4b
Safari
Version 3.0
Safari
Version 3.1.0
Safari
Version 3.1.0b
Safari
Version 3.1.1
Safari
Version 3.1.2
Safari
Version 3.1
Safari
Version 3.2.0
Safari
Version 3.2.1
Safari
Version 3.2.2
Safari
Version 3.2.3
Safari
Version 3.2
Safari
Version 3
Safari
Version 4.0.0b
Safari
Version 4.0.1
Safari
Version 4.0.2
Safari
Version 4.0
Safari
Version 4.0 beta
Running on/withPlatform Versions
Apple
Mac Os X
All versions

References (50)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.