PT-2009-4836 · Apple · Webkit+1

Published: 2009-07-09 · Updated: 2017-08-17 · CVE-2009-2419

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Apple Safari versions 4.0 through 4.0.1
Description: A use-after-free in the servePendingRequests() function in WebKit can cause a denial of service (application crash) and possibly allow execution of arbitrary code. It is triggered by a crafted HTML document that references a zero-length .js file and uses the JavaScript reload function. When a user visits such a page, the browser dereferences invalid (already freed) memory and crashes. Code execution has not been demonstrated, but it cannot be ruled out.
Recommendations: For Apple Safari versions 4.0 through 4.0.1, consider disabling the servePendingRequests() function as a temporary workaround until a patch is available. Restrict access to specially crafted web pages that could trigger this issue, to reduce the risk of browser crashes. At the moment there is no information about a newer version that fixes this vulnerability.

Exploit


Weakness Enumeration

Related Identifiers

CVE-2009-2419

Affected Products

Safari
Webkit