Bug#538347: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...
Tags: security patch
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.
| WebKit in Apple Safari before 4.0.2 does not properly handle numeric
| character references, which allows remote attackers to execute
| arbitrary code or cause a denial of service (memory corruption and
| application crash) via a crafted HTML document.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
 PoC https://cevans-app.appspot.com/static/webkitentityoffbyone.html
 Patch http://trac.webkit.org/changeset/44799/