Safari@1.2.3 Security Vulnerabilities and Issues — Safari@1.2.3 CVE List

Lucene search

AppleSafari1.2.3

172 matches found

CVE•added 2005/12/22 11:3 p.m.•422 views

CVE-2005-4504

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.

7.8CVSS6AI score0.21773EPSS

CVE•added 2012/11/03 5:55 p.m.•154 views

CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

5.1CVSS7.5AI score0.30417EPSS

CVE•added 2005/01/10 5:0 a.m.•119 views

CVE-2004-1122

Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.

7.5CVSS9.3AI score0.00968EPSS

CVE•added 2012/07/25 8:55 p.m.•117 views

CVE-2012-1520

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

9.3CVSS7.8AI score0.0271EPSS

CVE•added 2010/11/22 1:0 p.m.•91 views

CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a relat...

5CVSS8.2AI score0.19249EPSS

CVE•added 2011/07/21 11:55 p.m.•78 views

CVE-2011-0216

Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.

9.3CVSS8.5AI score0.01308EPSS

CVE•added 2011/07/21 11:55 p.m.•74 views

CVE-2011-0255

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2009/05/13 5:30 p.m.•72 views

CVE-2009-0945

Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitra...

9.3CVSS7.7AI score0.11718EPSS

CVE•added 2010/11/22 1:0 p.m.•70 views

CVE-2010-3812

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause...

9.3CVSS9.3AI score0.06675EPSS

CVE•added 2011/10/14 10:55 a.m.•68 views

CVE-2011-3243

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

4.3CVSS5AI score0.00521EPSS

CVE•added 2009/09/29 6:0 p.m.•67 views

CVE-2009-3455

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certi...

7.5CVSS5.7AI score0.01808EPSS

CVE•added 2009/11/13 3:30 p.m.•63 views

CVE-2009-2841

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers...

5CVSS6.8AI score0.03879EPSS

CVE•added 2009/11/13 3:30 p.m.•63 views

CVE-2009-2842

Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

4.3CVSS5.9AI score0.00796EPSS

CVE•added 2011/07/21 11:55 p.m.•63 views

CVE-2011-1288

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2009/08/12 7:30 p.m.•59 views

CVE-2009-2195

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.

9.3CVSS8.7AI score0.2882EPSS

CVE•added 2010/11/22 1:0 p.m.•59 views

CVE-2010-3813

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetchin...

5.8CVSS8.5AI score0.00848EPSS

CVE•added 2011/07/21 11:55 p.m.•59 views

CVE-2011-1797

9.3CVSS8.8AI score0.01413EPSS

CVE•added 2010/03/25 9:0 p.m.•58 views

CVE-2010-1119

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database...

10CVSS8.6AI score0.28439EPSS

CVE•added 2011/07/21 11:55 p.m.•58 views

CVE-2010-1383

CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.

9.3CVSS8.5AI score0.0083EPSS

CVE•added 2011/07/21 11:55 p.m.•58 views

CVE-2011-1453

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2006/03/31 11:6 a.m.•57 views

CVE-2006-1552

Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".

5CVSS6.4AI score0.03822EPSS

CVE•added 2009/09/14 4:30 p.m.•57 views

CVE-2009-2804

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.09194EPSS

CVE•added 2009/06/15 7:30 p.m.•56 views

CVE-2009-2072

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy serve...

5.4CVSS6.1AI score0.00041EPSS

CVE•added 2010/11/22 1:0 p.m.•56 views

CVE-2010-3816

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2010/11/22 1:0 p.m.•56 views

CVE-2010-3823

9.3CVSS8.6AI score0.10426EPSS

CVE•added 2011/07/21 11:55 p.m.•56 views

CVE-2011-0222

9.3CVSS8.8AI score0.58896EPSS

CVE•added 2013/03/15 8:55 p.m.•56 views

CVE-2013-0961

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.

6.8CVSS7.5AI score0.01189EPSS

CVE•added 2009/05/13 3:30 p.m.•55 views

CVE-2009-0162

Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.

4.3CVSS6.1AI score0.0195EPSS

CVE•added 2011/07/21 11:55 p.m.•55 views

CVE-2011-0253

9.3CVSS8.8AI score0.02627EPSS

CVE•added 2012/07/25 8:55 p.m.•55 views

CVE-2012-3681

9.3CVSS7.8AI score0.02826EPSS

CVE•added 2009/11/13 3:30 p.m.•54 views

CVE-2009-3384

Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

9.3CVSS7.3AI score0.01257EPSS

CVE•added 2011/03/10 8:55 p.m.•54 views

CVE-2011-1344

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, r...

6.8CVSS9AI score0.03992EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-0233

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2011/07/21 11:55 p.m.•53 views

CVE-2011-1774

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.

8.8CVSS6.7AI score0.81631EPSS

CVE•added 2012/07/25 8:55 p.m.•53 views

CVE-2012-3626

9.3CVSS7.8AI score0.02013EPSS

CVE•added 2012/07/25 7:55 p.m.•53 views

CVE-2012-3691

WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5.8CVSS6AI score0.00227EPSS

CVE•added 2010/11/22 1:0 p.m.•51 views

CVE-2010-3805

Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010...

9.3CVSS8.6AI score0.12024EPSS

CVE•added 2011/03/11 10:55 p.m.•51 views

CVE-2011-0166

The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.

5.8CVSS8AI score0.00542EPSS

CVE•added 2011/07/21 11:55 p.m.•51 views

CVE-2011-0241

Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.

9.3CVSS7.7AI score0.08047EPSS

CVE•added 2011/07/21 11:55 p.m.•51 views

CVE-2011-1462

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2012/03/12 9:55 p.m.•51 views

CVE-2012-0647

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5CVSS6.2AI score0.00276EPSS

CVE•added 2013/03/15 8:55 p.m.•51 views

CVE-2013-0960

6.8CVSS7.5AI score0.01189EPSS

CVE•added 2010/11/22 1:0 p.m.•50 views

CVE-2010-3820

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a craf...

9.3CVSS8.6AI score0.02223EPSS

CVE•added 2011/03/11 10:55 p.m.•50 views

CVE-2011-0163

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.

4.3CVSS7.9AI score0.01049EPSS

CVE•added 2011/07/21 11:55 p.m.•50 views

CVE-2011-1457

9.3CVSS8.8AI score0.03306EPSS

CVE•added 2010/11/22 1:0 p.m.•49 views

CVE-2010-3808

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (...

9.3CVSS8.7AI score0.02551EPSS

CVE•added 2011/03/11 10:55 p.m.•49 views

CVE-2011-0160

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

5CVSS8.3AI score0.00423EPSS

CVE•added 2011/03/11 10:55 p.m.•49 views

CVE-2011-0167

The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.

4.3CVSS8.2AI score0.02629EPSS

CVE•added 2012/07/25 8:55 p.m.•49 views

CVE-2012-3674

9.3CVSS7.8AI score0.021EPSS

CVE•added 2010/11/22 1:0 p.m.•48 views

CVE-2010-3810

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.

4.3CVSS7.8AI score0.00819EPSS

Total number of security vulnerabilities172