Apple Safari vulnerabilities

CVE-2007-0342 [HIGH] CVE-2007-0342: WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null deref WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.

CVE-2006-6238 [MEDIUM] CVE-2006-6238: The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.

CVE-2006-3946 [HIGH] CWE-119 CVE-2006-3946: WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial o WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Jav

CVE-2006-3372 [MEDIUM] CVE-2006-3372: Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) vi Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference.

CVE-2006-3224 [MEDIUM] CVE-2006-3224: Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself.

CVE-2006-2019 [MEDIUM] CVE-2006-2019: Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a d Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.

CVE-2006-1986 [HIGH] CVE-2006-1986: Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code vi Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl.

CVE-2006-1987 [HIGH] CVE-2006-1987: Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code vi Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible.

CVE-2006-1985 [MEDIUM] CWE-119 CVE-2006-1985: Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.

CVE-2006-1988 [MEDIUM] CVE-2006-1988: The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows r The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE.

CVE-2006-1552 [MEDIUM] CWE-189 CVE-2006-1552: Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a d Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".

CVE-2005-4678 [MEDIUM] CVE-2005-4678: Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the t Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2005-4504 [HIGH] CVE-2005-4504: The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earli The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.

CVE-2005-3897 [HIGH] CVE-2005-3897: Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Java Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.

CVE-2005-2524 [MEDIUM] CVE-2005-2524: Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.

CVE-2005-3018 [MEDIUM] CVE-2005-3018: Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL.

CVE-2005-2594 [MEDIUM] CVE-2005-2594: Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.

CVE-2005-2272 [LOW] CVE-2005-2272: Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that g Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

CVE-2005-1385 [LOW] CVE-2005-1385: Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference.

CVE-2005-0341 [MEDIUM] CVE-2005-0341: Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks.