3 matches found
Apple Safari safari-extension:// URL处理遍历远程代码执行漏洞
CVE ID: CVE-2011-3229 Safari是苹果计算机的最新作业系统Mac OS X中的浏览器,使用了KDE的KHTML作为浏览器的运算核心。 Safari在处理safari-extension:// URL时存在目录遍历问题,浏览恶意网站可导致执行任意Javascript代码。 Apple Mac OS X 10.6.8 Apple Mac OS X Server v10.6.8 Microsoft Vista Microsoft Windows 7 Apple OS X Lion 10.7.2 Apple OS X Lion Server 10.7.2 厂商补丁:...
APPLE-SA-2011-10-12-4 Safari 5.1.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-4 Safari 5.1.1 Safari 5.1.1 is now available and addresses the following: Safari Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact:...
CVE-2011-3229
CVE-2011-3229 describes a directory-traversal in Safari’s handling of safari-extension:// URLs, enabling remote attackers to execute arbitrary JavaScript within the context of installed Safari Extensions. Affected: Safari 5.0 and later on Mac OS X and Windows (per OpenVAS/PacketStorm references),...