Safari Security Vulnerabilities and Issues — Safari CVE List

Lucene search

AppleSafari

4 matches found

CVE•added 2009/11/13 3:30 p.m.•87 views

CVE-2009-2816

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to co...

6.8CVSS6.2AI score0.02154EPSS

CVE•added 2009/11/13 3:30 p.m.•63 views

CVE-2009-2841

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers...

5CVSS6.8AI score0.03879EPSS

CVE•added 2009/11/13 3:30 p.m.•63 views

CVE-2009-2842

Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

4.3CVSS5.9AI score0.00796EPSS

CVE•added 2009/11/13 3:30 p.m.•54 views

CVE-2009-3384

Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

9.3CVSS7.3AI score0.01257EPSS