Apple Safari vulnerabilities

1,592 known vulnerabilities affecting apple/safari.

Total CVEs: 1,592
CISA KEV: 31 (actively exploited)
Public exploits: 157
Exploited in wild: 25
Severity breakdown: CRITICAL 211, HIGH 603, MEDIUM 757, LOW 20, UNKNOWN 1

Vulnerabilities

CVE-2012-3636 | CRITICAL | CVSS 9.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-119: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
nvd
CVE-2012-3630 | CRITICAL | CVSS 9.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
nvd
CVE-2012-3611 | CRITICAL | CVSS 9.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
nvd
CVE-2012-3592 | CRITICAL | CVSS 9.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
nvd
CVE-2012-3599 | CRITICAL | CVSS 9.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
nvd
CVE-2012-3656 | CRITICAL | CVSS 9.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-119: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
nvd
CVE-2012-3678 | CRITICAL | CVSS 9.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-119: WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
nvd
CVE-2012-3610 | CRITICAL | CVSS 9.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
nvd
CVE-2012-3590 | HIGH | CVSS 8.8 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
nvd
CVE-2012-3697 | HIGH | CVSS 7.1 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-264: WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.
nvd
CVE-2012-3650 | MEDIUM | CVSS 4.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-200: WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
nvd
CVE-2012-3694 | MEDIUM | CVSS 4.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-200: WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site.
nvd
CVE-2012-3689 | MEDIUM | CVSS 5.8 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-20: WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.
nvd
CVE-2012-3691 | MEDIUM | CVSS 5.8 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-20: WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
nvd
CVE-2012-3695 | MEDIUM | CVSS 4.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-79: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property.
nvd
CVE-2012-0680 | MEDIUM | CVSS 5.0 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-264: Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
nvd
CVE-2012-3696 | MEDIUM | CVSS 4.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-20: CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling.
nvd
CVE-2012-3690 | MEDIUM | CVSS 4.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-264: WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site.
nvd
CVE-2012-3693 | MEDIUM | CVSS 5.0 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.
nvd
CVE-2012-0679 | MEDIUM | CVSS 4.3 | ≤ 5.1.7, v1.0, +75 more | 2012-07-25
CWE-264: Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.
nvd