Safari Security Vulnerabilities and Issues — Safari CVE List

Lucene search

AppleSafari

4 matches found

CVE•added 2005/05/02 4:0 a.m.•123 views

CVE-2005-0234

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

5CVSS6.5AI score0.00495EPSS

CVE•added 2005/05/02 4:0 a.m.•87 views

CVE-2005-0341

Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks.

4.3CVSS5.5AI score0.00409EPSS

CVE•added 2005/05/02 4:0 a.m.•82 views

CVE-2005-0976

AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs.

5CVSS6.7AI score0.00362EPSS

CVE•added 2005/05/03 4:0 a.m.•47 views

CVE-2005-1385

Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference.

2.6CVSS6.9AI score0.01126EPSS