Apple Safari vulnerabilities

1,592 known vulnerabilities affecting apple/safari.

Total CVEs: 1,592
CISA KEV: 31 (actively exploited)
Public exploits: 157
Exploited in wild: 25
Severity breakdown: CRITICAL 211, HIGH 603, MEDIUM 757, LOW 20, UNKNOWN 1

Vulnerabilities

Page 76 of 80
CVE-2009-0945 | CRITICAL | CVSS 9.3 | CWE-94 | affected: ≤ 3.2.2, v0.8, +44 more | published 2009-05-13 | source: NVD
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data struct

CVE-2009-0162 | MEDIUM | CVSS 4.3 | PoC | CWE-79 | affected: ≤ 3.2.2, v0.8, +44 more | published 2009-05-13 | source: NVD
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.

CVE-2009-0946 | HIGH | CVSS 7.5 | CWE-190 | affected: v4.0 | published 2009-04-17 | source: NVD
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

CVE-2009-1233 | MEDIUM | CVSS 4.3 | PoC | CWE-20 | affected: v3.2.2, v4 | published 2009-04-02 | source: NVD
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.

CVE-2009-0744 | MEDIUM | CVSS 5.0 | PoC | CWE-20 | affected: v4.0 | published 2009-02-27 | source: NVD
Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character.

CVE-2009-0321 | MEDIUM | CVSS 4.3 | PoC | CWE-59 | affected: v3.2.1 | published 2009-01-28 | source: NVD
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.

CVE-2008-5821 | MEDIUM | CVSS 5.0 | PoC | CWE-399 | affected: v3.2 | published 2009-01-02 | source: NVD
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.

CVE-2008-3623 | CRITICAL | CVSS 9.3 | CWE-119 | affected: ≤ 3.1.2, v0.8, +32 more | published 2008-11-17 | source: NVD
Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.

CVE-2008-4216 | MEDIUM | CVSS 4.3 | CWE-200 | affected: ≤ 3.1.2, v0.8, +32 more | published 2008-11-17 | source: NVD
The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."

CVE-2008-3644 | LOW | CVSS 1.9 | CWE-200 | affected: ≤ 3.1.2, v0.8, +32 more | published 2008-11-17 | source: NVD
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.

CVE-2008-3529 | CRITICAL | CVSS 10.0 | PoC | CWE-119 | affected: ≥ 3.2.0, < 3.2.3; fixed in 4.0 | published 2008-09-12 | source: NVD
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

CVE-2008-3281 | MEDIUM | CVSS 6.5 | CWE-776 | fixed in 4.0 | published 2008-08-27 | source: NVD
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

CVE-2008-2307 | CRITICAL | CVSS 9.3 | CWE-399 | affected: ≤ 3.1.1, v3.0, +5 more | published 2008-06-23 | source: NVD
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.

CVE-2008-2306 | CRITICAL | CVSS 9.3 | CWE-264 | affected: ≤ 3.1.1, v3.0, +5 more | published 2008-06-23 | source: NVD
Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.

CVE-2008-2540 | CRITICAL | CVSS 9.3 | fixed in 3.1.2 | published 2008-06-03 | source: NVD
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by l

CVE-2008-2000 | MEDIUM | CVSS 4.3 | CWE-399 | affected: v3.1.1 | published 2008-04-28 | source: NVD
Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

CVE-2008-1999 | MEDIUM | CVSS 5.0 | affected: v3.1.1 | published 2008-04-28 | source: NVD
Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

CVE-2008-2001 | MEDIUM | CVSS 4.3 | CWE-119 | affected: v3.1.1 | published 2008-04-28 | source: NVD
Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.

CVE-2008-1025 | MEDIUM | CVSS 4.3 | CWE-79 | affected: v0.8, v0.9, +15 more | published 2008-04-17 | source: NVD
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.

CVE-2008-1026 | MEDIUM | CVSS 6.8 | CWE-119 | affected: v3, v3.1 | published 2008-04-17 | source: NVD
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.

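Four entries on this page (CVE-2008-1999, CVE-2009-0321, CVE-2008-1025 and CVE-2008-2001) share a pattern: the fault is in what the client does with a malformed authority or path before any host is resolved. The block below is an added example, not code from this page or from Apple or WebKit. It is a pre-parse screen in JavaScript that flags those URL shapes on the raw string, before a normalising URL parser gets to smooth them over. The sample URLs, the finding tags, and the 64-character userinfo threshold are my own constructions approximated from the entry descriptions, not real exploit inputs.

```javascript
// Added example, not code from the page or from Apple/WebKit. A pre-parse
// screen for the crafted-URL shapes described in the CVE entries above.
// It deliberately inspects the raw string rather than a normalised URL
// object, because normalisation is exactly what the original bugs abused.

// Characters that render as nothing or as blank space: spaces (Zs),
// format characters such as zero-width joiners (Cf), and C0 controls.
const INVISIBLE = /[\p{Zs}\p{Cf}\u0000-\u001f]/u;

// Split "scheme://authority<rest>" without decoding or normalising.
// Returns null for URLs that have no "//" authority section (mailto:, data:).
function splitAuthority(raw) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):\/\/([^/?#]*)([\s\S]*)$/.exec(raw);
  if (!m) return null;
  return { scheme: m[1].toLowerCase(), authority: m[2], rest: m[3] };
}

// Returns an array of finding tags; an empty array means nothing suspicious.
function screenUrl(raw) {
  const findings = [];
  const parts = splitAuthority(raw);
  if (!parts) return findings;
  const { scheme, authority, rest } = parts;

  // Address-bar spoofing shape (CVE-2008-1999): a userinfo field padded with
  // invisible characters so the real host is pushed out of view.
  const at = authority.lastIndexOf('@');
  if (at !== -1) {
    const userinfo = authority.slice(0, at);
    let decoded;
    try { decoded = decodeURIComponent(userinfo); } catch { decoded = userinfo; }
    if (INVISIBLE.test(decoded)) findings.push('userinfo-invisible-chars');
    if (decoded.length > 64) findings.push('userinfo-oversized'); // threshold is an assumption
  }
  const hostport = at === -1 ? authority : authority.slice(at + 1);

  // Degenerate authority shape (CVE-2009-0321): host is only "." or "..".
  if (hostport === '.' || hostport === '..') findings.push('dot-only-authority');

  // Colon-in-hostname shape (CVE-2008-1025): anything beyond host[:digits],
  // ignoring bracketed IPv6 literals, which legitimately contain colons.
  if (!hostport.startsWith('[')) {
    const colons = hostport.split(':').length - 1;
    if (colons > 1) findings.push('extra-colon-in-host');
    else if (colons === 1 && !/^[^:]*:\d*$/.test(hostport)) findings.push('non-numeric-port');
  }

  // Malformed percent-encoding in a file: path (CVE-2008-2001): "%E2" is a
  // lone UTF-8 lead byte, so decoding fails before any file access happens.
  if (scheme === 'file') {
    try { decodeURIComponent(rest); } catch { findings.push('file-path-bad-percent-encoding'); }
  }
  return findings;
}

// Constructed samples modelled on the entry descriptions; not real exploit URLs.
const SAMPLES = {
  spoofUserinfo: 'http://' + '%E3%80%80'.repeat(80) + '@attacker.example/',
  dotAuthority: 'http://./',
  dotDotAuthority: 'http://../',
  colonInHost: 'http://victim.example:evil/',
  badFilePath: 'file:///%E2',
  benign: 'https://user@example.com:8443/path?q=1#frag',
};

// Screens every sample and returns { name: [findings...] }.
function screenAll(samples = SAMPLES) {
  const report = {};
  for (const [name, url] of Object.entries(samples)) report[name] = screenUrl(url);
  return report;
}

console.log(JSON.stringify(screenAll(), null, 2));
```

Run it with node; the report lists the findings per sample, and the benign URL comes back empty. Because the screen runs before normalisation it belongs beside a WHATWG-conformant parser such as the URL class, not in place of it: the parser decides what the URL is, the screen decides whether to trust it.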