Apple Safari vulnerable to buffer overflow

ID VU:176732
Type cert
Reporter CERT
Modified 2006-03-03T00:00:00



Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system.



Apple Safari is a web browser that comes with the Mac OS X operating system.

The Problem

Apple Safari contains a stack-based buffer overflow. This vulnerability can be triggered by persuading a user to open, with Safari, a web page containing specially crafted JavaScript.


A remote attacker may be able to execute arbitrary code on a vulnerable system.


Install an update

This issue is corrected in Apple Security Update 2006-001.

Disable JavaScript in Safari

For instructions on how to disable JavaScript in Safari, please refer to the Safari section of the Securing Your Web Browser document.

Systems Affected

Vendor | Status | Date Notified | Date Updated
Apple Computer, Inc. | | - | 03 Mar 2006

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A




This issue was reported in Apple Security Update 2006-001.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2006-0387
  • Date Public: 02 Mar 2006
  • Date First Published: 03 Mar 2006
  • Date Last Updated: 03 Mar 2006
  • Severity Metric: 17.21
  • Document Revision: 10