The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari prior to 5.0.3 on Mac OS X 10.5 up to and including 10.6 and Windows, and prior to 4.1.3 on Mac OS X 10.4; webkitgtk prior to 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote malicious users to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple safari |
||
apple safari 5.0.1 |
||
apple safari 5.0 |
||
apple webkit |
||
apple safari 4.1.1 |
||
apple safari 3.1.0b |
||
apple safari 3.1.0 |
||
apple safari 3.0.4b |
||
apple safari 3.0.1 |
||
apple safari 3.0.0b |
||
apple safari 2.0.3 |
||
apple safari 1.3.2 |
||
apple safari 1.2.2 |
||
apple safari 1.2.1 |
||
apple safari 1.0 |
||
apple safari 1.0.3 |
||
apple safari 3.2.1 |
||
apple safari 3.2.0 |
||
apple safari 3.0.3 |
||
apple safari 3.0.2b |
||
apple safari 3 |
||
apple safari 2.0.4 |
||
apple safari 2.0.1 |
||
apple safari 2.0.0 |
||
apple safari 1.3 |
||
apple safari 1.2.5 |
||
apple safari 1.1.1 |
||
apple safari 1.1.0 |
||
apple safari 1.0.2 |
||
apple safari 1.0.1 |
||
apple safari 1.0.0b2 |
||
apple safari 4.1 |
||
apple safari 3.2.2 |
||
apple safari 3.0.4 |
||
apple safari 3.0.3b |
||
apple safari 3.0.0 |
||
apple safari 3.0 |
||
apple safari 2.0.2 |
||
apple safari 1.3.1 |
||
apple safari 1.3.0 |
||
apple safari 1.2.0 |
||
apple safari 1.2 |
||
apple safari 3.1.2 |
||
apple safari 3.1.1 |
||
apple safari 3.0.2 |
||
apple safari 3.0.1b |
||
apple safari 2.0 |
||
apple safari 2 |
||
apple safari 1.2.4 |
||
apple safari 1.2.3 |
||
apple safari 1.1 |
||
apple safari 1.0.0b1 |
||
apple safari 1.0.0 |