HTML document that triggers write access to an offset of a NULL
pointer. (CVE-2009-1687).
WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit
(aka Qt toolkit), and possibly other products does not properly handle
numeric character references, which allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted HTML document (CVE-2009-1725).
Use-after-free vulnerability in WebKit, as used in Apple Safari
before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1
arbitrary local files and files from different security zones.
CVE-2009-1725
WebKit in qt4-x11 does not properly handle numeric character references,
which allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted HTML document.
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted HTML document. (CVE-2009-1698)
WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit
(aka Qt toolkit), and possibly other products does not properly handle
numeric character references, which allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted HTML document. (CVE-2009-1725)
KDE Konqueror allows remote attackers to cause a denial of service
(memory consumption) via a large integer value for the length property
information via an APPLET or OBJECT element.
CVE-2009-1725
WebKit do not properly handle numeric character references, which allows remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) via a crafted HTML document.
CVE-2009-1714
