Apple Safari vulnerabilities

CVE-2009-2066 [MEDIUM] CWE-287 CVE-2009-2066: Apple Safari detects http content in https web pages only when the top-level frame uses https, which Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pa

CVE-2009-2058 [MEDIUM] CWE-287 CVE-2009-2058: Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

CVE-2009-2062 [MEDIUM] CWE-287 CVE-2009-2062: Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, w Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

CVE-2009-2072 [MEDIUM] CWE-287 CVE-2009-2072: Apple Safari does not require a cached certificate before displaying a lock icon for an https web si Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.

CVE-2009-1701 [CRITICAL] CWE-399 CVE-2009-1701: Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4 Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML contai

CVE-2009-1712 [CRITICAL] CWE-94 CVE-2009-1712: WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allow WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

CVE-2009-1709 [CRITICAL] CWE-399 CVE-2009-1709: Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and uns

CVE-2009-1705 [CRITICAL] CWE-189 CVE-2009-1705: CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

CVE-2009-1687 [CRITICAL] CWE-399 CVE-2009-1687: The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that

CVE-2009-1704 [CRITICAL] CWE-94 CVE-2009-1704: CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.

CVE-2009-1690 [CRITICAL] CWE-399 CVE-2009-1690: Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2. Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified

CVE-2009-1708 [CRITICAL] CVE-2009-1708: Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, whi Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.

CVE-2009-1711 [CRITICAL] CWE-399 CVE-2009-1711: WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which al WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

CVE-2009-1686 [CRITICAL] CWE-20 CVE-2009-1686: WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 thr WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and appli

CVE-2009-1698 [CRITICAL] CWE-94 CVE-2009-1698: WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 thr WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and a

CVE-2009-2027 [HIGH] CWE-264 CVE-2009-2027: The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checkin The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.

CVE-2009-1713 [HIGH] CWE-200 CVE-2009-1713: The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

CVE-2009-1703 [HIGH] CWE-200 CVE-2009-1703: WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.

CVE-2009-1699 [HIGH] CWE-611 CVE-2009-1699: The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "X

CVE-2009-1718 [HIGH] CWE-200 CVE-2009-1718: WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive informat WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.