Safari@3.0 Security Vulnerabilities and Issues — Page 4 of Safari@3.0 CVE List

CVE-2012-0683

WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.

CVE-2012-3605

CVE-2012-3627

9.3CVSS7.8AI score0.02013EPSS

CVE-2012-3628

CVE-2012-3635

CVE-2012-3680

9.3CVSS7.8AI score0.02767EPSS

CVE-2012-3683

CVE•added 2012/07/25 7:55 p.m.•42 views

CVE-2012-3690

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site.

4.3CVSS6AI score0.00211EPSS

CVE•added 2012/09/20 9:55 p.m.•42 views

CVE-2012-3714

The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.

4.3CVSS5.9AI score0.00319EPSS

CVE•added 2008/11/17 6:18 p.m.•41 views

CVE-2008-3623

Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to impr...

9.3CVSS7.9AI score0.12316EPSS

CVE•added 2009/06/10 6:0 p.m.•41 views

CVE-2009-1707

Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.

1.2CVSS5.4AI score0.0007EPSS

CVE•added 2012/03/02 12:55 a.m.•41 views

CVE-2011-3443

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rul...

7.5CVSS8.8AI score0.01686EPSS

CVE-2012-3591

CVE-2012-3641

CVE-2012-3655

CVE-2012-3656

CVE-2012-3667

CVE-2012-3679

CVE•added 2009/08/12 7:30 p.m.•40 views

CVE-2009-2200

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

7.1CVSS7.5AI score0.00614EPSS

CVE•added 2010/11/22 1:0 p.m.•40 views

CVE-2010-3822

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service ...

9.3CVSS8.6AI score0.02199EPSS

CVE•added 2011/03/11 10:55 p.m.•40 views

CVE-2011-0169

WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.

2.6CVSS7.5AI score0.00362EPSS

CVE•added 2011/07/21 11:55 p.m.•40 views

CVE-2011-0219

Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.

5.8CVSS7.8AI score0.00163EPSS

CVE•added 2011/07/21 11:55 p.m.•40 views

CVE-2011-0221

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

9.3CVSS8.8AI score0.03306EPSS

CVE-2012-0682

CVE-2012-3589

8.8CVSS7.8AI score0.0124EPSS

CVE-2012-3590

CVE-2012-3610

CVE-2012-3620

9.3CVSS7.8AI score0.02653EPSS

CVE-2012-3630

CVE-2012-3633

CVE-2012-3663

9.3CVSS7.8AI score0.02767EPSS

CVE-2012-3666

CVE•added 2012/07/25 7:55 p.m.•40 views

CVE-2012-3689

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.

5.8CVSS6AI score0.00155EPSS

CVE•added 2008/06/23 8:41 p.m.•39 views

CVE-2008-2306

Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.

9.3CVSS6.9AI score0.00522EPSS

CVE•added 2009/06/10 6:0 p.m.•39 views

CVE-2009-1708

Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.

9.3CVSS7.1AI score0.03272EPSS

CVE•added 2009/06/15 7:30 p.m.•39 views

CVE-2009-2066

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, re...

6.8CVSS6.6AI score0.00299EPSS

CVE•added 2012/03/12 9:55 p.m.•39 views

CVE-2012-0584

The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs.

6.4CVSS6.1AI score0.00585EPSS

CVE-2012-3592

CVE-2012-3625

CVE-2012-3636

CVE-2012-3638

CVE-2012-3669

CVE•added 2008/03/19 12:44 a.m.•38 views

CVE-2008-1009

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

4.3CVSS5.3AI score0.00977EPSS

CVE•added 2009/06/10 6:0 p.m.•38 views

CVE-2009-1704

CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.

9.3CVSS6.8AI score0.02364EPSS

CVE•added 2009/06/10 6:0 p.m.•38 views

CVE-2009-1705

CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

9.3CVSS7.9AI score0.05154EPSS

CVE•added 2010/11/22 1:0 p.m.•38 views

CVE-2010-3819

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a d...

9.3CVSS8.7AI score0.02551EPSS

CVE•added 2011/07/21 11:55 p.m.•38 views

CVE-2011-0217

Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.

4.3CVSS7.5AI score0.00236EPSS

CVE•added 2012/07/25 8:55 p.m.•38 views

CVE-2012-3618