Apple Safari vulnerabilities

1,592 known vulnerabilities affecting apple/safari.

Total CVEs: 1,592
CISA KEV: 31 (actively exploited)
Public exploits: 157
Exploited in wild: 25
Severity breakdown: CRITICAL 211, HIGH 603, MEDIUM 757, LOW 20, UNKNOWN 1

Vulnerabilities

CVE-2011-3887 | MEDIUM | CVSS 5.0 | fixed in 5.1.4 | 2011-10-25
CWE-565: Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
nvd
CVE-2011-3888 | MEDIUM | CVSS 6.8 | fixed in 5.1.4 | 2011-10-25
CWE-416: Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.
nvd
CVE-2011-3230 | MEDIUM | CVSS 6.8 | PoC | ≤ 5.1, v1.0, +69 more | 2011-10-14
CWE-264: Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
nvd
CVE-2011-3243 | MEDIUM | CVSS 4.3 | ≤ 5.1, v1.0, +69 more | 2011-10-14
CWE-79: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
nvd
CVE-2011-3229 | MEDIUM | CVSS 6.8 | ≤ 5.1, v1.0, +69 more | 2011-10-14
CWE-22: Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.
nvd
CVE-2011-3231 | MEDIUM | CVSS 6.8 | ≤ 5.1, v1.0, +69 more | 2011-10-14
CWE-94: The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.
nvd
CVE-2011-3242 | MEDIUM | CVSS 5.0 | ≤ 5.1, v1.0, +69 more | 2011-10-14
CWE-200: The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.
nvd
CVE-2011-2877 | MEDIUM | CVSS 6.8 | fixed in 5.1.4 | 2011-10-04
Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."
nvd
CVE-2011-2860 | HIGH | CVSS 7.5 | fixed in 5.1.4 | 2011-09-19
CWE-416: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.
nvd
CVE-2011-3234 | MEDIUM | CVSS 5.0 | fixed in 5.1.1 | 2011-09-19
CWE-125: Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-2857 | MEDIUM | CVSS 6.8 | fixed in 5.1.4 | 2011-09-19
CWE-416: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.
nvd
CVE-2011-2846 | MEDIUM | CVSS 6.8 | fixed in 5.1.4 | 2011-09-19
CWE-416: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.
nvd
CVE-2011-2854 | MEDIUM | CVSS 6.8 | fixed in 5.1.4 | 2011-09-19
CWE-416: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."
nvd
CVE-2011-2855 | MEDIUM | CVSS 6.8 | fixed in 5.1.4 | 2011-09-19
CWE-74: Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
nvd
CVE-2011-2847 | MEDIUM | CVSS 6.8 | fixed in 5.1.4 | 2011-09-19
CWE-416: Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
nvd
CVE-2011-2825 | CRITICAL | CVSS 9.3 | fixed in 5.1.4 | 2011-08-29
CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.
nvd
CVE-2011-2823 | HIGH | CVSS 7.5 | fixed in 5.1.1 | 2011-08-29
CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.
nvd
CVE-2011-2827 | HIGH | CVSS 7.5 | fixed in 5.1.1 | 2011-08-29
CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.
nvd
CVE-2011-2818 | MEDIUM | CVSS 6.8 | fixed in 5.1.1 | 2011-08-03
CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.
nvd
CVE-2011-2799 | MEDIUM | CVSS 6.8 | fixed in 5.1.1 | 2011-08-03
CWE-416: Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling.
nvd