Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs: 1,592
CISA KEV: 31 actively exploited
Public exploits: 157
Exploited in wild: 25
Severity breakdown: CRITICAL 211, HIGH 603, MEDIUM 757, LOW 20, UNKNOWN 1
Vulnerabilities
Page 72 of 80
CVE-2010-1120 | CRITICAL | CVSS 10.0 | CWE-94 | v4.0 | 2010-03-25
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.
nvd
CVE-2010-1119 | CRITICAL | CVSS 10.0 | CWE-399 | PoC | ≤ 4.0.5 | v1.0 +55 more | 2010-03-25
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute man
nvd
CVE-2010-1029 | MEDIUM | CVSS 5.0 | CWE-399 | PoC | v4.0.4 | 2010-03-19
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *
nvd
CVE-2010-0053 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.
nvd
CVE-2010-0046 | CRITICAL | CVSS 9.3 | CWE-94 | PoC | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
nvd
CVE-2010-0052 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."
nvd
CVE-2010-0043 | CRITICAL | CVSS 9.3 | CWE-94 | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
nvd
CVE-2010-0040 | CRITICAL | CVSS 9.3 | CWE-189 | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
nvd
CVE-2010-0045 | CRITICAL | CVSS 9.3 | CWE-20 | ≤ 4.0.4 | v4.0 +3 more | 2010-03-15
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
nvd
CVE-2010-0054 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.
nvd
CVE-2010-0049 | CRITICAL | CVSS 9.3 | CWE-399 | PoC | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
nvd
CVE-2010-0050 | HIGH | CVSS 8.8 | CWE-416 | PoC | fixed in 4.0.5 | 2010-03-15
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
nvd
CVE-2010-0047 | HIGH | CVSS 8.8 | CWE-399 | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."
nvd
CVE-2010-0048 | HIGH | CVSS 8.8 | CWE-399 | ≤ 4.0.4 | v4.0 +3 more | 2010-03-15
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
nvd
CVE-2010-0051 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.
nvd
CVE-2010-0042 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
nvd
CVE-2010-0041 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
nvd
CVE-2010-0044 | MEDIUM | CVSS 4.3 | CWE-16 | ≤ 4.0.4 | v4.0 +4 more | 2010-03-15
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.
nvd
CVE-2010-0925 | MEDIUM | CVSS 5.0 | v4.0.4 | 2010-03-03
cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element.
nvd
CVE-2010-0924 | MEDIUM | CVSS 5.0 | v4.0.3 | v4.0.4 | 2010-03-03
cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.
nvd