Safari Security Vulnerabilities and Issues — Safari CVE List

Lucene search

AppleSafari

8 matches found

CVE•added 2007/09/11 6:17 p.m.•61 views

CVE-2007-4812

Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert ...

5CVSS6.8AI score0.04144EPSS

CVE•added 2007/09/27 9:17 p.m.•53 views

CVE-2007-3756

Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.

4.3CVSS6.6AI score0.00991EPSS

CVE•added 2007/09/27 10:17 p.m.•47 views

CVE-2007-3760

Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.

4.3CVSS6.2AI score0.01182EPSS

CVE•added 2007/09/27 10:17 p.m.•42 views

CVE-2007-3758

Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.

4.3CVSS6.6AI score0.01387EPSS

CVE•added 2007/09/27 10:17 p.m.•40 views

CVE-2007-3759

Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.

6.8CVSS6AI score0.00703EPSS

CVE•added 2007/09/27 10:17 p.m.•39 views

CVE-2007-3761

Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain.

4.3CVSS5.2AI score0.00529EPSS

CVE•added 2007/09/27 9:17 p.m.•38 views

CVE-2007-3757

Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed.

4.3CVSS6.1AI score0.00993EPSS

CVE•added 2007/09/27 10:17 p.m.•37 views

CVE-2007-4671

Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages f...

6.8CVSS7.1AI score0.02687EPSS