Safari@2 Security Vulnerabilities and Issues — Page 3 of Safari@2 CVE List

CVE-2012-0683

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CVE-2012-3605

CVE-2012-3627

9.3CVSS7.8AI score0.02013EPSS

CVE-2012-3628

CVE-2012-3635

CVE-2012-3680

9.3CVSS7.8AI score0.02767EPSS

CVE-2012-3683

CVE•added 2012/07/25 7:55 p.m.•42 views

CVE-2012-3690

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site.

4.3CVSS6AI score0.00211EPSS

CVE•added 2012/09/20 9:55 p.m.•42 views

CVE-2012-3714

The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.

4.3CVSS5.9AI score0.00319EPSS

CVE•added 2008/11/17 6:18 p.m.•41 views

CVE-2008-3623

Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to impr...

9.3CVSS7.9AI score0.12316EPSS

CVE-2012-3591

CVE-2012-3641

CVE-2012-3655

CVE-2012-3656

CVE-2012-3667

CVE-2012-3679

CVE•added 2010/11/22 1:0 p.m.•40 views

CVE-2010-3822

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service ...

9.3CVSS8.6AI score0.02199EPSS

CVE•added 2011/03/11 10:55 p.m.•40 views

CVE-2011-0169

WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.

2.6CVSS7.5AI score0.00362EPSS

CVE•added 2011/07/21 11:55 p.m.•40 views

CVE-2011-0219

Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.

5.8CVSS7.8AI score0.00163EPSS

CVE•added 2011/07/21 11:55 p.m.•40 views

CVE-2011-0221

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE-2012-0682

CVE-2012-3589

8.8CVSS7.8AI score0.0124EPSS

CVE-2012-3590

CVE-2012-3610

CVE-2012-3620

9.3CVSS7.8AI score0.02653EPSS

CVE-2012-3630

CVE-2012-3633

CVE-2012-3663

9.3CVSS7.8AI score0.02767EPSS

CVE-2012-3666

CVE•added 2012/07/25 7:55 p.m.•40 views

CVE-2012-3689

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.

5.8CVSS6AI score0.00155EPSS

CVE•added 2009/06/15 7:30 p.m.•39 views

CVE-2009-2066

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, re...

6.8CVSS6.6AI score0.00299EPSS

CVE-2012-3592

CVE-2012-3625

CVE-2012-3636

CVE-2012-3638

CVE-2012-3669

CVE•added 2010/11/22 1:0 p.m.•38 views

CVE-2010-3819

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a d...

9.3CVSS8.7AI score0.02551EPSS

CVE•added 2011/07/21 11:55 p.m.•38 views

CVE-2011-0217

Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.

4.3CVSS7.5AI score0.00236EPSS

CVE•added 2012/07/25 8:55 p.m.•38 views

CVE-2012-3618

CVE•added 2012/07/25 8:55 p.m.•38 views

CVE-2012-3629

CVE•added 2012/07/25 8:55 p.m.•38 views

CVE-2012-3637

9.3CVSS7.8AI score0.02653EPSS

CVE•added 2012/07/25 7:55 p.m.•38 views

CVE-2012-3697

WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.

7.1CVSS6.3AI score0.00138EPSS

CVE•added 2011/10/14 10:55 a.m.•37 views

CVE-2011-3231

The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.

6.8CVSS7.4AI score0.00319EPSS

CVE•added 2012/03/12 9:55 p.m.•37 views

CVE-2012-0640

WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.

5CVSS6AI score0.00291EPSS

CVE•added 2012/07/25 8:55 p.m.•37 views

CVE-2012-3597

CVE•added 2012/07/25 8:55 p.m.•37 views

CVE-2012-3609

CVE•added 2012/07/25 8:55 p.m.•37 views

CVE-2012-3661