9 matches found
Apple Safari 3.0.x for Windows Document.Location.Hash Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26448/info Safari for Windows is prone to a buffer overflow that occurs when an attacker entices a victim to view a maliciously crafted webpage. A remote attacker may exploit this issue to execute arbitrary machine code i...
Authentication flaw
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not...
CVE-2007-4692
The CVE-2007-4692 issue affects Apple Safari 3 (pre-Beta Update 3.0.4) on Windows and Mac OS X 10.4–10.4.10. The vulnerability arises in the tabbed browsing feature, allowing remote attackers to spoof HTTP authentication for other sites by displaying an authentication sheet for a non-active tab, ...
CVE-2007-3758
CVE-2007-3758 affects Safari on Apple iPhone 1.1.1 and Safari 3 prior to Beta Update 3.0.4, on Windows, and Mac OS X 10.4–10.4.10. Root cause: JavaScript window properties can be set across domain boundaries, enabling cross-site scripting (XSS). Impact as described: remote XSS vector. Remediation...
CVE-2007-3743
Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service application crash or execute arbitrary code via a bookmark with a long title...
CVE-2007-3944
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions PCRE library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE:...
CVE-2007-3718
Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher...
CVE-2007-2400
Apple Safari affected: Safari 3 Beta up to 3.0.2 and iPhone Safari before 1.0.1. Root cause is a race condition during page updates and HTTP redirects, enabling cross-domain access and cross-site scripting via same-origin violations. Impact described as bypassing JavaScript security model and mod...
PT-2007-3733 · Apple · Safari
Name of the Vulnerable Software and Affected Versions: Apple Safari versions 3 Beta through 3.0.2 Apple Safari on iPhone version prior to 1.0.1 Description: The issue allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain, conducting...