RETIRED: Apple Safari Prior to 5.0 and 4.1 Multiple Security Vulnerabilities

Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2010-06-07-1. These issues affect versions prior to Safari 5.0 and 4.1 running on Apple Mac OS X, Windows 7, XP and Vista.

Attackers can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks may result in information-disclosure, remote code-execution, denial-of-service, or other consequences.

This BID is being retired. The following individual records exist to better document the issues:

40642 WebKit 'removeChild()' Remote Code Execution Vulnerability
40644 WebKit HTML Button Use After Free Remote Code Execution Vulnerability
40645 WebKit Marquee Event 'SelectionController' Remote Code Execution Vulnerability
40646 WebKit Editable Containers Remote Code Execution Vulnerability
40647 WebKit Option Element 'ContentEditable' Attribute Remote Code Execution Vulnerability
40649 WebKit 'ConditionEventListener' Remote Code Execution Vulnerability
40650 WebKit 'DOCUMENT_POSITION_DISCONNECTED' Attribute Remote Code Execution Vulnerability
40652 WebKit SVG 'RadialGradient' Attribute Remote Code Execution Vulnerability
40653 WebKit IBM1147 Character Set Text Transform Remote Code Execution Vulnerability
40654 WebKit Option Recursive Use Element Remote Code Execution Vulnerability
40655 WebKit 'first-letter' CSS Style Remote Code Execution Vulnerability
40656 WebKit SVG 'use' Element Remote Code Execution Vulnerability
40657 WebKit SVG 'use' Element Remote Code Execution Vulnerability
40658 WebKit Caption Element Handling Remote Code Execution Vulnerability
40659 WebKit Custom Vertical Positioning Remote Code Execution Vulnerability
40660 WebKit Dragging or Pasting Cross Domain Scripting Vulnerability
40661 WebKit Use After Free Remote Code Execution Vulnerability
40662 WebKit Hover Event Handling Remote Code Execution Vulnerability
40663 WebKit DOM Range Objects Remote Code Execution Vulnerability
40665 WebKit 'Node.normalize' Method Remote Code Execution Vulnerability
40665 WebKit 'Node.normalize' Method Remote Code Execution Vulnerability
40666 WebKit 'removeChild' DOM Method Remote Code Execution Vulnerability
40667 WebKit HTML Document Subtrees Remote Code Execution Vulnerability
40668 WebKit 'libxml' Context Handling Remote Code Execution Vulnerability
40669 Webkit UTF-7 Cross-Site Scripting Vulnerability
40670 WebKit Fonts Handling Remote Code Execution Vulnerability
40671 WebKit HTML Tables Remote Code Execution Vulnerability
40672 WebKit CSS-Styled HTML Handling Remote Code Execution Vulnerability
40673 Apple Safari PDF Handling Remote Code Execution Vulnerability
40674 Apple Safari Window Management Remote Code Execution Vulnerability
40675 Webkit HTML Document Fragments Cross Site Scripting Vulnerability
40697 WebKit Integer Truncation TCP Port Information Disclosure Vulnerability
40698 WebKit Keyboard Focus Cross Domain Information Disclosure Vulnerability
40704 Apple Safari Authentication Data URI Spoofing Vulnerability
40705 WebKit IRC Port Blacklist Information Disclosure Vulnerability
40707 Webkit DOM Constructor Object Cross Site Scripting Vulnerability
40710 WebKit 'frame.src' Validation Cross Site Scripting Vulnerability
40714 WebKit SVG Image Pattern Cross Domain Security Bypass Vulnerability
40717 WebKit Empty Hostname URI Handling Cross Site Scripting Vulnerability
40726 Webkit 'textarea' Element Cross-Site Scripting Vulnerability
40727 WebKit Cascading Stylesheets 'HREF' Information Disclosure Vulnerability
40732 WebKit HTTP Redirects Information Disclosure Vulnerability
40733 WebKit NTLM Credentials Information Disclosure Vulnerability
40750 WebKit HTTPS Redirect Information Disclosure Vulnerability
40752 WebKit HTTP URI Clipboard Information Disclosure Vulnerability
40753 WebKit Local Storage and Web SQL Database Directory Traversal Vulnerability
40754 WebKit 'execCommand()' Function Clipboard Overwrite Security Weakness
40756 WebKit ':visited' CSS Pseudo-class Information Disclosure Vulnerability


 

Privacy Statement
Copyright 2010, SecurityFocus