Safari Security Vulnerabilities and Issues — Safari CVE List

Lucene search

AppleSafari

4 matches found

CVE•added 2009/09/29 6:0 p.m.•67 views

CVE-2009-3455

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certi...

7.5CVSS5.7AI score0.01808EPSS

CVE•added 2009/09/21 7:30 p.m.•62 views

CVE-2009-3272

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.

5CVSS8.2AI score0.0444EPSS

CVE•added 2009/09/14 4:30 p.m.•57 views

CVE-2009-2804

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.09194EPSS

CVE•added 2009/09/21 7:30 p.m.•45 views

CVE-2009-3271

Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.

4.3CVSS6.1AI score0.02007EPSS