CVE-2009-1695 Information

Description

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0 iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.

Reference

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54991 http://secunia.com/advisories/35379 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://securitytracker.com/id?1022344 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.debian.org/security/2009/dsa-1950 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35328 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/advisories/2009/1621 http://www.vupen.com/english/advisories/2011/0212