Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs: 1,592
CISA KEV: 31 (actively exploited)
Public exploits: 157
Exploited in wild: 25
Severity breakdown: CRITICAL 211, HIGH 603, MEDIUM 757, LOW 20, UNKNOWN 1
Vulnerabilities
Page 78 of 80
CVE-2007-4812 | MEDIUM | CVSS 5.0 | PoC | v3.0.3 | 2007-09-11 | CWE-119
Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method.
Source: nvd
CVE-2007-4431 | MEDIUM | CVSS 6.8 | ≤ 3.0.3 | 2007-08-20
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."
Source: nvd
CVE-2007-4424 | MEDIUM | CVSS 4.3 | ≤ 3.0.3 | 2007-08-18
Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file
Source: nvd
CVE-2007-2408 | MEDIUM | CVSS 6.8 | v3.0.1, v3.0.2 | 2007-08-03 | CWE-20
WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page.
Source: nvd
CVE-2007-3742 | MEDIUM | CVSS 4.3 | ≤ 3.0.2 | 2007-08-03 | CWE-16
WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.
Source: nvd
CVE-2007-3743 | MEDIUM | CVSS 6.8 | ≤ 3.0.2 | 2007-08-03 | CWE-119
Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title.
Source: nvd
CVE-2007-3944 | CRITICAL | CVSS 9.3 | v3.0 | 2007-07-23 | CWE-119
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSaf
Source: nvd
CVE-2007-3718 | HIGH | CVSS 7.5 | v3.0 | 2007-07-12
Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher.
Source: nvd
CVE-2007-3514 | HIGH | CVSS 8.5 | v3.0.2 | 2007-07-03
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482.
Source: nvd
CVE-2007-3376 | CRITICAL | CVSS 9.3 | v3.0.2 | 2007-06-25
Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.
Source: nvd
CVE-2007-2400 | MEDIUM | CVSS 4.3 | v3.0, v3.0.1 | 2007-06-25 | CWE-79
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
Source: nvd
CVE-2007-2398 | HIGH | CVSS 7.1 | v3.0.1 | 2007-06-21
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
Source: nvd
CVE-2007-3284 | HIGH | CVSS 7.8 | PoC | v3.0.1 | 2007-06-19
corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.
Source: nvd
CVE-2007-3274 | MEDIUM | CVSS 4.3 | v3.0, v3.0.1 | 2007-06-19 | CWE-399
Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.
Source: nvd
CVE-2007-2391 | MEDIUM | CVSS 4.3 | v3.0.1 | 2007-06-14 | CWE-79
Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.
Source: nvd
CVE-2007-3186 | CRITICAL | CVSS 9.3 | PoC | v2.0, v2.0.1, +5 more | 2007-06-12 | CWE-264
Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.
Source: nvd
CVE-2007-3187 | HIGH | CVSS 7.5 | v3.0 | 2007-06-12
Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known resea
Source: nvd
CVE-2007-3185 | HIGH | CVSS 7.8 | v3.0.1 | 2007-06-12 | CWE-399
Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.
Source: nvd
CVE-2007-2843 | CRITICAL | CVSS 10.0 | PoC | v2.0.4 | 2007-05-24
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.
Source: nvd
CVE-2007-0644 | HIGH | CVSS 7.1 | PoC | v2.0.4_419.3 | 2007-02-01
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.
Source: nvd