On Mon, Mar 16, 2009 at 10:28:04PM -0400, Michael Gilbert wrote: > package: libwebkit-1.0-1 > severity: grave > tags: security > > it has been found that webkit is vulnerable to a cross-site scripting > vulnerability, see CVE-2008-4723 [1]. > > note that certain extensions are protected and others are not. for > example, the attack does not work for files with the jpg or txt > extension. however, the attack seems to work for general extensions > such as odp, xls, etc (probably because webkit does not have a proper > download that would appropriately handle general extensions yet). > > if you fix these vulnerabilities, please make sure to include the CVE > id in your changelog. please contact the security team to coordinate > a fix for stable and/or if you have any questions. > > regards, > mike > > [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4723
This sounds very exagerated. Basically, what happens is that browsers don't care about the file extension when dealing with these, and "sniff" the real content. But in the end, the so-called attack could be done with an http server serving .jpeg files with a text/html mime type. Nothing new, and nothing that sounds like a real security threat. Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
