Apple Safari vulnerabilities

CVE-2010-0651 [MEDIUM] CWE-200 CVE-2010-0651: WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, perm WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

CVE-2009-4186 [CRITICAL] CWE-119 CVE-2009-4186: Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.

CVE-2009-3384 [CRITICAL] CVE-2009-3384: Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

CVE-2009-2842 [MEDIUM] CVE-2009-2842: Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

CVE-2009-2816 [MEDIUM] CWE-352 CVE-2009-2816: The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a

CVE-2009-2841 [MEDIUM] CVE-2009-2841: The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a

CVE-2009-3455 [HIGH] CVE-2009-3455: Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a doma Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

CVE-2009-3272 [MEDIUM] CWE-399 CVE-2009-3272: Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other ve Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.

CVE-2009-2804 [MEDIUM] CWE-189 CVE-2009-2804: Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windo Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

CVE-2009-3016 [MEDIUM] CWE-79 CVE-2009-3016: Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP res Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3)

CVE-2009-2195 [CRITICAL] CWE-119 CVE-2009-2195: Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.

CVE-2009-2200 [HIGH] CWE-200 CVE-2009-2200: WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage att WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

CVE-2009-2199 [MEDIUM] CVE-2009-2199: Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS befo Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

CVE-2009-2196 [MEDIUM] CVE-2009-2196: Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbit Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

CVE-2009-2416 [MEDIUM] CWE-416 CVE-2009-2416: Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and l Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

CVE-2009-1725 [CRITICAL] CWE-189 CVE-2009-1725: WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPo WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (me

CVE-2009-2419 [MEDIUM] CWE-399 CVE-2009-2419: Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safa Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these detai

CVE-2009-1724 [MEDIUM] CWE-79 CVE-2009-1724: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone O Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.

CVE-2009-2420 [MEDIUM] CVE-2009-2420: Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attac Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703.

CVE-2009-2421 [MEDIUM] CWE-20 CVE-2009-2421: The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol.