nessus Tenable 5566.PRM
History Jun 08, 2010 - 12:00 a.m.

Safari < 4.1 / 5.0 Multiple Vulnerabilities

2010-06-08 00:00:00
Tenable
www.tenable.com

Versions of Safari earlier than 4.1 / 5.0 are potentially affected by multiple vulnerabilities:

  • A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. (CVE-2009-1726)

  • Safari supports the inclusion of user information in URLs, which allows the URL to specify a username and password to authenticate the user to the named server. (CVE-2010-1384)

  • A use after free issue exists in Safari’s management of windows. (CVE-2010-1750)

  • An implementation issue exists in WebKit’s handling of URLs in the clipboard. (CVE-2010-1388)

  • Dragging or pasting a selection from one site to another may allow scripts contained in the selection to be executed in the context of the new site. (CVE-2010-1389)

  • A canonicalization issue exists in WebKit’s handling of UTF-7 encoded text. (CVE-2010-1390)

  • A path traversal issue exists in WebKit’s support for Local Storage and Web SQL database. (CVE-2010-1391)

  • A use after free issue exists in WebKit’s rendering of HTML buttons. (CVE-2010-1392)

  • An information disclosure issue exists in WebKit’s handling of Cascading Stylesheets. (CVE-2010-1393)

  • A use after free issue exists in WebKit’s handling of attribute manipulation. (CVE-2010-1119)

  • A design issue exists in WebKit’s handling of HTML document fragments. (CVE-2010-1394)

  • An implementation issue exists in WebKit’s handling of keyboard focus. (CVE-2010-1422)

  • A scope management issue exists in WebKit’s handling of DOM constructor objects. (CVE-2010-1395)

  • A use after free issue exists in WebKit’s handling of the removal of container elements. (CVE-2010-1396)

  • A use after free issue exists in WebKit’s rendering of a selection when the layout changes. (CVE-2010-1397)

  • A memory corruption issue exists in WebKit’s handling of ordered list insertions. (CVE-2010-1398)

  • An uninitialized memory access issue exists in WebKit’s handling of selection changes on form input elements. (CVE-2010-1399)

  • A use after free issue exists in WebKit’s handling of caption elements. (CVE-2010-1400)

  • A use after free issue exists in WebKit’s handling of the ‘:first-letter’ pseudo-element in cascading stylesheets. (CVE-2010-1401)

  • A double free issue exists in WebKit’s handling of event listeners in SVG documents. (CVE-2010-1402)

  • An uninitialized memory access issue exists in WebKit’s handling of ‘use’ elements in SVG documents. (CVE-2010-1403)

  • A use after free issue exists in WebKit’s handling of SVG documents with multiple ‘use’ elements. (CVE-2010-1404)

  • A memory corruption issue exists in WebKit’s handling of nested ‘use’ elements in SVG documents. (CVE-2010-1410)

  • A use after free issue exists in WebKit’s handling of CSS run-ins. (CVE-2010-1749)

  • A use after free issue exists in WebKit’s handling of HTML elements with custom vertical positioning. (CVE-2010-1405)

  • When WebKit is redirected from an HTTPS site to an HTTP site, the Referer header is passed to the HTTP site. (CVE-2010-1406)

  • An integer truncation issue exists in WebKit’s handling of requests to non-default TCP ports. (CVE-2010-1408)

  • Common IRC service ports are not included in WebKit’s port blacklist. (CVE-2010-1409)

  • A use after free issue exists in WebKit’s handling of hover events. (CVE-2010-1412)

  • In certain circumstances, WebKit may send NTLM credentials in plain text. (CVE-2010-1413)

  • A use after free issue exists in WebKit’s handling of the removeChild DOM method. (CVE-2010-1414)

  • An API abuse issue exists in WebKit’s handling of libxml contexts. (CVE-2010-1415)

  • A cross-site image capture issue exists in WebKit. (CVE-2010-1416)

  • A memory corruption issue exists in WebKit’s rendering of CSS-styled HTML content with multiple :after pseudo-selectors. (CVE-2010-1417)

  • An input validation issue exists in WebKit’s handling of the src attribute of the frame element. (CVE-2010-1418)

  • A use after free issue exists in WebKit’s handling of drag and drop when the window acting as a source of a drag operation is closed before the drag operation is completed. (CVE-2010-1419)

  • A design issue exists in the implementation of the JavaScript function execCommand. (CVE-2010-1421)

  • An issue in WebKit’s handling of malformed URLs may result in a cross-site scripting attack when visiting a maliciously crafted website. (CVE-2010-0544)

  • A use after free issue exists in WebKit’s handling of DOM Range objects. (CVE-2010-1758)

  • A use after free issue exists in WebKit’s handling of the Node.normalize method. (CVE-2010-1759)

  • A use after free issue exists in WebKit’s rendering of HTML document subtrees. (CVE-2010-1761)

  • A design issue exists in the handling of HTML contained in textarea elements. (CVE-2010-1762)

  • A design issue exists in WebKit’s handling of HTTP redirects. (CVE-2010-1764)

  • A type checking issue exists in WebKit’s handling of text nodes. (CVE-2010-1770)

  • A use after free issue exists in WebKit’s handling of fonts. (CVE-2010-1771)

  • An out of bounds memory access issue exists in WebKit’s handling of HTML tables. (CVE-2010-1774)

  • A design issue exists in WebKit’s handling of the CSS :visited pseudo-class.

Vendor | Product | Version | CPE
apple | safari | | cpe:/a:apple:safari
