RETIRED: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities

Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.

NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:

35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability


Privacy Statement
Copyright 2010, SecurityFocus