Apple Webkit vulnerabilities

CVE-2010-1760 [CRITICAL] CWE-255 CVE-2010-1760: loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.

CVE-2010-1386 [CRITICAL] CWE-264 CVE-2010-1386: page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.

CVE-2010-0647 [CRITICAL] CWE-94 CVE-2010-0647: WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a > sequence.

CVE-2010-0659 [CRITICAL] CWE-399 CVE-2010-0659: The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not prop The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

CVE-2010-0661 [MEDIUM] CWE-264 CVE-2010-0661: WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome b WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.

CVE-2010-0651 [MEDIUM] CWE-200 CVE-2010-0651: WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, perm WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

CVE-2010-0656 [MEDIUM] CWE-200 CVE-2010-0656: WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.

CVE-2007-0342 [HIGH] CVE-2007-0342: WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null deref WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.