Vulnerability Database

290,301

Total vulnerabilities in the database

CVE-2009-2841

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

  • Published: Nov 13, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-2841
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
apple / safari - 4.0.3.x
apple / safari 0.8 0.8.x
apple / safari 0.9 0.9.x
apple / safari 1.0-beta 1.0-beta.x
apple / safari 1.0-beta2 1.0-beta2.x
apple / safari 1.0 1.0.x
apple / safari 1.0.0 1.0.0.x
apple / safari 1.0.0b1 1.0.0b1.x
apple / safari 1.0.0b2 1.0.0b2.x
apple / safari 1.0.1 1.0.1.x
apple / safari 1.0.2 1.0.2.x
apple / safari 1.0.3 1.0.3.x
apple / safari 1.1.0 1.1.0.x
apple / safari 1.1.1 1.1.1.x
apple / safari 1.2 1.2.x
apple / safari 1.2.0 1.2.0.x
apple / safari 1.2.1 1.2.1.x
apple / safari 1.2.2 1.2.2.x
apple / safari 1.2.3 1.2.3.x
apple / safari 1.2.4 1.2.4.x
apple / safari 1.2.5 1.2.5.x
apple / safari 1.3 1.3.x
apple / safari 1.3.0 1.3.0.x
apple / safari 1.3.1 1.3.1.x
apple / safari 1.3.2 1.3.2.x
apple / safari 2 2.x
apple / safari 2.0 2.0.x
apple / safari 2.0.0 2.0.0.x
apple / safari 2.0.1 2.0.1.x
apple / safari 2.0.2 2.0.2.x
apple / safari 2.0.3-417.9 2.0.3-417.9.x
apple / safari 2.0.3-417.9.2 2.0.3-417.9.2.x
apple / safari 2.0.3 2.0.3.x
apple / safari 2.0.3-417.9.3 2.0.3-417.9.3.x
apple / safari 2.0.3-417.8 2.0.3-417.8.x
apple / safari 2.0.3_417.9.3 2.0.3_417.9.3.x
apple / safari 2.0.4 2.0.4.x
apple / safari 2.0.4_419.3 2.0.4_419.3.x
apple / safari 2.0_pre 2.0_pre.x
apple / safari 3 3.x
apple / safari 3.0 3.0.x
apple / safari 3.0.0 3.0.0.x
apple / safari 3.0.0b 3.0.0b.x
apple / safari 3.0.1 3.0.1.x
apple / safari 3.0.1-beta 3.0.1-beta.x
apple / safari 3.0.1b 3.0.1b.x
apple / safari 3.0.2 3.0.2.x
apple / safari 3.0.2b 3.0.2b.x
apple / safari 3.0.3 3.0.3.x
apple / safari 3.0.3b 3.0.3b.x
apple / safari 3.0.4 3.0.4.x
apple / safari 3.0.4_beta 3.0.4_beta.x
apple / safari 3.0.4b 3.0.4b.x
apple / safari 3.1 3.1.x
apple / safari 3.1.0 3.1.0.x
apple / safari 3.1.0b 3.1.0b.x
apple / safari 3.1.1 3.1.1.x
apple / safari 3.1.2 3.1.2.x
apple / safari 3.2 3.2.x
apple / safari 3.2.0 3.2.0.x
apple / safari 3.2.1 3.2.1.x
apple / safari 3.2.2 3.2.2.x
apple / safari 3.2.3 3.2.3.x
apple / safari 4.0 4.0.x
apple / safari 4.0-beta 4.0-beta.x
apple / safari 4.0.0b 4.0.0b.x
apple / safari 4.0.1 4.0.1.x
apple / safari 4.0.2 4.0.2.x