Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-1690

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."

Published

2009-06-10T14:30:00.437

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apple	safari	≤ 4.0_beta	Yes
Application	apple	safari	0.8	Yes
Application	apple	safari	0.9	Yes
Application	apple	safari	1.0	Yes
Application	apple	safari	1.0.3	Yes
Application	apple	safari	1.1	Yes
Application	apple	safari	1.2	Yes
Application	apple	safari	1.3	Yes
Application	apple	safari	1.3.1	Yes
Application	apple	safari	1.3.2	Yes
Application	apple	safari	2.0	Yes
Application	apple	safari	2.0.2	Yes
Application	apple	safari	2.0.4	Yes
Application	apple	safari	3.0	Yes
Application	apple	safari	3.0.2	Yes
Application	apple	safari	3.0.3	Yes
Application	apple	safari	3.0.4	Yes
Application	apple	safari	3.1	Yes
Application	apple	safari	3.1.1	Yes
Application	apple	safari	3.1.2	Yes
Application	apple	safari	3.2.1	Yes
Application	apple	safari	3.2.3	Yes
Application	apple	safari	≤ 3.2.3	Yes
Application	apple	safari	3.0	Yes
Application	apple	safari	3.0.1	Yes
Application	apple	safari	3.0.2	Yes
Application	apple	safari	3.0.3	Yes
Application	apple	safari	3.0.4	Yes
Application	apple	safari	3.1	Yes
Application	apple	safari	3.1.1	Yes
Application	apple	safari	3.1.2	Yes
Application	apple	safari	3.2	Yes
Application	apple	safari	3.2.1	Yes
Application	apple	safari	3.2.2	Yes
Operating System	apple	iphone_os	1.0	Yes
Operating System	apple	iphone_os	1.0.0	Yes
Operating System	apple	iphone_os	1.0.1	Yes
Operating System	apple	iphone_os	1.0.1	Yes
Operating System	apple	iphone_os	1.0.2	Yes
Operating System	apple	iphone_os	1.0.2	Yes
Operating System	apple	iphone_os	1.1	Yes
Operating System	apple	iphone_os	1.1.0	Yes
Operating System	apple	iphone_os	1.1.0	Yes
Operating System	apple	iphone_os	1.1.0	Yes
Operating System	apple	iphone_os	1.1.1	Yes
Operating System	apple	iphone_os	1.1.1	Yes
Operating System	apple	iphone_os	1.1.2	Yes
Operating System	apple	iphone_os	1.1.2	Yes
Operating System	apple	iphone_os	1.1.2	Yes
Operating System	apple	iphone_os	1.1.3	Yes
Operating System	apple	iphone_os	1.1.3	Yes
Operating System	apple	iphone_os	1.1.3	Yes
Operating System	apple	iphone_os	1.1.4	Yes
Operating System	apple	iphone_os	1.1.4	Yes
Operating System	apple	iphone_os	1.1.4	Yes
Operating System	apple	iphone_os	1.1.5	Yes
Operating System	apple	iphone_os	1.1.5	Yes
Operating System	apple	iphone_os	1.1.5	Yes
Operating System	apple	iphone_os	2.0	Yes
Operating System	apple	iphone_os	2.0.0	Yes
Operating System	apple	iphone_os	2.0.0	Yes
Operating System	apple	iphone_os	2.0.0	Yes
Operating System	apple	iphone_os	2.0.1	Yes
Operating System	apple	iphone_os	2.0.1	Yes
Operating System	apple	iphone_os	2.0.1	Yes
Operating System	apple	iphone_os	2.0.2	Yes
Operating System	apple	iphone_os	2.0.2	Yes
Operating System	apple	iphone_os	2.0.2	Yes
Operating System	apple	iphone_os	2.1	Yes
Operating System	apple	iphone_os	2.1	Yes
Operating System	apple	iphone_os	2.1	Yes
Operating System	apple	iphone_os	2.2	Yes
Operating System	apple	iphone_os	2.2	Yes
Operating System	apple	iphone_os	2.2.1	Yes
Operating System	apple	iphone_os	2.2.1	Yes
Application	google	chrome	1.0.154.53	Yes

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803 ([email protected])
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html Patch, Vendor Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html Patch, Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html ([email protected])
http://osvdb.org/54990 ([email protected])
http://secunia.com/advisories/35379 Vendor Advisory ([email protected])
http://secunia.com/advisories/36057 Vendor Advisory ([email protected])
http://secunia.com/advisories/36062 Vendor Advisory ([email protected])
http://secunia.com/advisories/36790 Vendor Advisory ([email protected])
http://secunia.com/advisories/37746 Vendor Advisory ([email protected])
http://secunia.com/advisories/43068 Vendor Advisory ([email protected])
http://securitytracker.com/id?1022345 Patch ([email protected])
http://support.apple.com/kb/HT3613 Patch, Vendor Advisory ([email protected])
http://support.apple.com/kb/HT3639 Patch, Vendor Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1950 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330 ([email protected])
http://www.securityfocus.com/bid/35260 Exploit, Patch ([email protected])
http://www.ubuntu.com/usn/USN-822-1 ([email protected])
http://www.ubuntu.com/usn/USN-836-1 ([email protected])
http://www.ubuntu.com/usn/USN-857-1 ([email protected])
http://www.vupen.com/english/advisories/2009/1522 Patch, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/1621 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0212 Vendor Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11009 ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html ([email protected])
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/54990 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35379 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36057 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36062 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36790 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37746 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43068 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1022345 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT3613 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT3639 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1950 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/35260 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-822-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-836-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-857-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/1522 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/1621 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0212 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11009 (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html (af854a3a-2127-422b-91ae-364da2661108)