Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:31755
[Eng]
Version
4
Class
patch
ALTXid
180255
Language
Russian
Severity
Critical
Title
Обновление openSUSE-SU-2011:0024-1 -- обновление безопасности для Fixing
Description
Various bugs in webkit have been fixed.
Family
unix
Platform
openSUSE 11.2
openSUSE 11.3
Product
webkit-jsc
Reference
VENDOR: openSUSE-SU-2011:0024-1
VENDOR: openSUSE-SU-2011:0024-1
Id:
openSUSE-SU-2011:0024-1
Reference:
https://lists.opensuse.org/opensuse-updates/2011-01/msg00013.html
CVE: CVE-2009-0945
CVE: CVE-2009-0945
Id:
CVE-2009-0945
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
Comment
: Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
http://code.google.com/p/chromium/issues/detail?id=9019 (CONFIRM)
http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html (CONFIRM)
APPLE-SA-2009-06-17-1 (APPLE)
APPLE-SA-2009-05-12 (APPLE)
APPLE-SA-2009-05-12 (APPLE)
APPLE-SA-2009-05-12 (APPLE)
SUSE-SR:2011:002 (SUSE)
35056 (SECUNIA)
35074 (SECUNIA)
35095 (SECUNIA)
35576 (SECUNIA)
35805 (SECUNIA)
36062 (SECUNIA)
36461 (SECUNIA)
36790 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3549 (CONFIRM)
http://support.apple.com/kb/HT3550 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
DSA-1950 (DEBIAN)
RHSA-2009:1130 (REDHAT)
20090519 ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability (BUGTRAQ)
34924 (BID)
1022207 (SECTRACK)
USN-822-1 (UBUNTU)
USN-836-1 (UBUNTU)
USN-857-1 (UBUNTU)
TA09-133A (CERT)
ADV-2009-1297 (VUPEN)
ADV-2009-1298 (VUPEN)
ADV-2009-1321 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
http://www.zerodayinitiative.com/advisories/ZDI-09-022 (MISC)
safari-webkit-svglist-bo(50477) (XF)
oval:org.mitre.oval:def:11584 (OVAL)
USN-823-1 (UBUNTU)
FEDORA-2009-6166 (FEDORA)
FEDORA-2009-8039 (FEDORA)
FEDORA-2009-8049 (FEDORA)
CVE: CVE-2009-1681
CVE: CVE-2009-1681
Id:
CVE-2009-1681
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1681
Comment
: WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54981 (OSVDB)
35379 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
DSA-1950 (DEBIAN)
35260 (BID)
35317 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1684
CVE: CVE-2009-1684
Id:
CVE-2009-1684
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1684
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54987 (OSVDB)
35379 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
1022344 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
DSA-1950 (DEBIAN)
35260 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1685
CVE: CVE-2009-1685
Id:
CVE-2009-1685
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1685
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54983 (OSVDB)
35379 (SECUNIA)
43068 (SECUNIA)
1022344 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
35260 (BID)
35319 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1686
CVE: CVE-2009-1686
Id:
CVE-2009-1686
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1686
Comment
: WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
20 (Improper Input Validation)
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54984 (OSVDB)
35379 (SECUNIA)
43068 (SECUNIA)
1022345 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
35260 (BID)
35311 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1687
CVE: CVE-2009-1687
Id:
CVE-2009-1687
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1687
Comment
: The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54985 (OSVDB)
35379 (SECUNIA)
36057 (SECUNIA)
36062 (SECUNIA)
36790 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
1022345 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
DSA-1950 (DEBIAN)
MDVSA-2009:330 (MANDRIVA)
35260 (BID)
35309 (BID)
USN-822-1 (UBUNTU)
USN-836-1 (UBUNTU)
USN-857-1 (UBUNTU)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:10260 (OVAL)
FEDORA-2009-8039 (FEDORA)
FEDORA-2009-8049 (FEDORA)
FEDORA-2009-8046 (FEDORA)
FEDORA-2009-8020 (FEDORA)
CVE: CVE-2009-1688
CVE: CVE-2009-1688
Id:
CVE-2009-1688
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1688
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method."
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54986 (OSVDB)
35379 (SECUNIA)
43068 (SECUNIA)
1022344 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
35260 (BID)
35320 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1689
CVE: CVE-2009-1689
Id:
CVE-2009-1689
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1689
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54988 (OSVDB)
35379 (SECUNIA)
43068 (SECUNIA)
1022344 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
35260 (BID)
35332 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1690
CVE: CVE-2009-1690
Id:
CVE-2009-1690
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690
Comment
: Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
20090608 Multiple Vendor WebKit Error Handling Use After Free Vulnerability (IDEFENSE)
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54990 (OSVDB)
35379 (SECUNIA)
36057 (SECUNIA)
36062 (SECUNIA)
36790 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
1022345 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
DSA-1950 (DEBIAN)
MDVSA-2009:330 (MANDRIVA)
35260 (BID)
USN-822-1 (UBUNTU)
USN-836-1 (UBUNTU)
USN-857-1 (UBUNTU)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:11009 (OVAL)
FEDORA-2009-8039 (FEDORA)
FEDORA-2009-8049 (FEDORA)
FEDORA-2009-8046 (FEDORA)
FEDORA-2009-8020 (FEDORA)
CVE: CVE-2009-1691
CVE: CVE-2009-1691
Id:
CVE-2009-1691
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1691
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54989 (OSVDB)
35379 (SECUNIA)
43068 (SECUNIA)
1022344 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
35260 (BID)
35330 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1692
CVE: CVE-2009-1692
Id:
CVE-2009-1692
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1692
Comment
: WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE:
399 (Resource Management Errors)
References:
http://support.apple.com/kb/HT3639 (CONFIRM)
APPLE-SA-2009-06-17-1 (APPLE)
ADV-2009-1621 (VUPEN)
35414 (BID)
55242 (OSVDB)
35446 (BID)
https://bugs.webkit.org/show_bug.cgi?id=23319 (MISC)
http://www.g-sec.lu/one-bug-to-rule-them-all.html (MISC)
DSA-1950 (DEBIAN)
37746 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
36977 (SECUNIA)
http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121 (CONFIRM)
9160 (EXPLOIT-DB)
20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3.... (BUGTRAQ)
20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3.... (BUGTRAQ)
20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3.... (BUGTRAQ)
20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3.... (BUGTRAQ)
CVE: CVE-2009-1693
CVE: CVE-2009-1693
Id:
CVE-2009-1693
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1693
Comment
: WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE:
CWE-Other ()
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
55004 (OSVDB)
35379 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
DSA-1950 (DEBIAN)
35260 (BID)
35331 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1694
CVE: CVE-2009-1694
Id:
CVE-2009-1694
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1694
Comment
: WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE:
CWE-Other ()
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
55005 (OSVDB)
35379 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
DSA-1950 (DEBIAN)
35260 (BID)
35322 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1695
CVE: CVE-2009-1695
Id:
CVE-2009-1695
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1695
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54991 (OSVDB)
35379 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
1022344 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
DSA-1950 (DEBIAN)
35260 (BID)
35328 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1696
CVE: CVE-2009-1696
Id:
CVE-2009-1696
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1696
Comment
: WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
310 (Cryptographic Issues)
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
55027 (OSVDB)
35379 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
35260 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1697
CVE: CVE-2009-1697
Id:
CVE-2009-1697
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1697
Comment
: CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
20 (Improper Input Validation)
References:
APPLE-SA-2009-06-08-1 (APPLE)
APPLE-SA-2009-06-17-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54992 (OSVDB)
35379 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
1022344 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
http://support.apple.com/kb/HT3639 (CONFIRM)
DSA-1950 (DEBIAN)
35260 (BID)
ADV-2009-1522 (VUPEN)
ADV-2009-1621 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1698
CVE: CVE-2009-1698
Id:
CVE-2009-1698
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698
Comment
: WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
http://www.zerodayinitiative.com/advisories/ZDI-09-032/ (MISC)
35260 (BID)
35379 (SECUNIA)
http://support.apple.com/kb/HT3613 (CONFIRM)
ADV-2009-1522 (VUPEN)
APPLE-SA-2009-06-08-1 (APPLE)
1022345 (SECTRACK)
55006 (OSVDB)
35318 (BID)
http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html (MISC)
ADV-2009-1621 (VUPEN)
http://support.apple.com/kb/HT3639 (CONFIRM)
APPLE-SA-2009-06-17-1 (APPLE)
RHSA-2009:1128 (REDHAT)
35588 (SECUNIA)
FEDORA-2009-8020 (FEDORA)
FEDORA-2009-8039 (FEDORA)
FEDORA-2009-8046 (FEDORA)
36057 (SECUNIA)
FEDORA-2009-8049 (FEDORA)
36062 (SECUNIA)
USN-822-1 (UBUNTU)
DSA-1950 (DEBIAN)
37746 (SECUNIA)
MDVSA-2009:330 (MANDRIVA)
USN-857-1 (UBUNTU)
USN-836-1 (UBUNTU)
36790 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
oval:org.mitre.oval:def:9484 (OVAL)
20090614 [TZO-37-2009] Apple Safari
20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability (BUGTRAQ)
CVE: CVE-2009-1699
CVE: CVE-2009-1699
Id:
CVE-2009-1699
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1699
Comment
: The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:N/A:N
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE:
611 (Information Exposure Through XML External Entity Reference)
References:
APPLE-SA-2009-06-08-1 (APPLE)
ADV-2009-1522 (VUPEN)
35260 (BID)
35379 (SECUNIA)
http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html (MISC)
http://scary.beasts.org/security/CESA-2009-006.html (MISC)
http://support.apple.com/kb/HT3613 (CONFIRM)
54972 (OSVDB)
35321 (BID)
APPLE-SA-2009-06-17-1 (APPLE)
http://support.apple.com/kb/HT3639 (CONFIRM)
ADV-2009-1621 (VUPEN)
USN-857-1 (UBUNTU)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
8907 (EXPLOIT-DB)
CVE: CVE-2009-1700
CVE: CVE-2009-1700
Id:
CVE-2009-1700
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1700
Comment
: The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
35379 (SECUNIA)
APPLE-SA-2009-06-08-1 (APPLE)
35260 (BID)
ADV-2009-1522 (VUPEN)
http://support.apple.com/kb/HT3613 (CONFIRM)
54973 (OSVDB)
http://support.apple.com/kb/HT3639 (CONFIRM)
ADV-2009-1621 (VUPEN)
APPLE-SA-2009-06-17-1 (APPLE)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1701
CVE: CVE-2009-1701
Id:
CVE-2009-1701
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1701
Comment
: Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
http://support.apple.com/kb/HT3613 (CONFIRM)
1022345 (SECTRACK)
ADV-2009-1522 (VUPEN)
http://www.zerodayinitiative.com/advisories/ZDI-09-033/ (MISC)
35260 (BID)
APPLE-SA-2009-06-08-1 (APPLE)
35379 (SECUNIA)
35325 (BID)
55008 (OSVDB)
http://support.apple.com/kb/HT3639 (CONFIRM)
APPLE-SA-2009-06-17-1 (APPLE)
ADV-2009-1621 (VUPEN)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
20090608 ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability (BUGTRAQ)
CVE: CVE-2009-1702
CVE: CVE-2009-1702
Id:
CVE-2009-1702
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1702
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
ADV-2009-1522 (VUPEN)
1022344 (SECTRACK)
35379 (SECUNIA)
APPLE-SA-2009-06-08-1 (APPLE)
35260 (BID)
http://support.apple.com/kb/HT3613 (CONFIRM)
54993 (OSVDB)
35327 (BID)
ADV-2009-1621 (VUPEN)
http://support.apple.com/kb/HT3639 (CONFIRM)
APPLE-SA-2009-06-17-1 (APPLE)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1703
CVE: CVE-2009-1703
Id:
CVE-2009-1703
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1703
Comment
: WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
APPLE-SA-2009-06-08-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
55009 (OSVDB)
35379 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3613 (CONFIRM)
35260 (BID)
35333 (BID)
ADV-2009-1522 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1709
CVE: CVE-2009-1709
Id:
CVE-2009-1709
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709
Comment
: Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2009-06-08-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
55013 (OSVDB)
35379 (SECUNIA)
35576 (SECUNIA)
36461 (SECUNIA)
43068 (SECUNIA)
1022345 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
MDVSA-2010:182 (MANDRIVA)
RHSA-2009:1130 (REDHAT)
35260 (BID)
35334 (BID)
ADV-2009-1522 (VUPEN)
ADV-2011-0212 (VUPEN)
http://www.zerodayinitiative.com/advisories/ZDI-09-034/ (MISC)
oval:org.mitre.oval:def:10162 (OVAL)
USN-823-1 (UBUNTU)
CVE: CVE-2009-1710
CVE: CVE-2009-1710
Id:
CVE-2009-1710
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1710
Comment
: WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
APPLE-SA-2009-06-08-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
55014 (OSVDB)
35379 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3613 (CONFIRM)
DSA-1950 (DEBIAN)
35260 (BID)
35340 (BID)
ADV-2009-1522 (VUPEN)
ADV-2011-0212 (VUPEN)
safari-uielements-spoofing(51263) (XF)
CVE: CVE-2009-1711
CVE: CVE-2009-1711
Id:
CVE-2009-1711
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1711
Comment
: WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2009-06-08-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
55015 (OSVDB)
35379 (SECUNIA)
36790 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
1022345 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
DSA-1950 (DEBIAN)
35260 (BID)
35310 (BID)
USN-836-1 (UBUNTU)
USN-857-1 (UBUNTU)
ADV-2009-1522 (VUPEN)
ADV-2011-0212 (VUPEN)
safari-attrdom-code-execution(51265) (XF)
CVE: CVE-2009-1712
CVE: CVE-2009-1712
Id:
CVE-2009-1712
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1712
Comment
: WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
APPLE-SA-2009-06-08-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
55022 (OSVDB)
35379 (SECUNIA)
36790 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
1022345 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
DSA-1950 (DEBIAN)
35260 (BID)
35350 (BID)
USN-836-1 (UBUNTU)
USN-857-1 (UBUNTU)
ADV-2009-1522 (VUPEN)
ADV-2011-0212 (VUPEN)
safari-applets-code-execution(51266) (XF)
CVE: CVE-2009-1713
CVE: CVE-2009-1713
Id:
CVE-2009-1713
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1713
Comment
: The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
APPLE-SA-2009-06-08-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54975 (OSVDB)
35379 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3613 (CONFIRM)
35260 (BID)
USN-857-1 (UBUNTU)
ADV-2009-1522 (VUPEN)
ADV-2011-0212 (VUPEN)
safari-document-information-disclosure(51267) (XF)
CVE: CVE-2009-1714
CVE: CVE-2009-1714
Id:
CVE-2009-1714
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1714
Comment
: Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
APPLE-SA-2009-06-08-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
55023 (OSVDB)
35379 (SECUNIA)
37746 (SECUNIA)
43068 (SECUNIA)
1022344 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
DSA-1950 (DEBIAN)
35260 (BID)
35348 (BID)
ADV-2009-1522 (VUPEN)
ADV-2011-0212 (VUPEN)
safari-webinspector-xss(51268) (XF)
CVE: CVE-2009-1715
CVE: CVE-2009-1715
Id:
CVE-2009-1715
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1715
Comment
: Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
APPLE-SA-2009-06-08-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
54996 (OSVDB)
35379 (SECUNIA)
43068 (SECUNIA)
1022344 (SECTRACK)
http://support.apple.com/kb/HT3613 (CONFIRM)
35260 (BID)
35349 (BID)
ADV-2009-1522 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1718
CVE: CVE-2009-1718
Id:
CVE-2009-1718
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1718
Comment
: WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
APPLE-SA-2009-06-08-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
35379 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3613 (CONFIRM)
35260 (BID)
ADV-2009-1522 (VUPEN)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-1724
CVE: CVE-2009-1724
Id:
CVE-2009-1724
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1724
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
35441 (BID)
http://support.apple.com/kb/HT3666 (CONFIRM)
APPLE-SA-2009-07-08-1 (APPLE)
ADV-2009-1827 (VUPEN)
35758 (SECUNIA)
55738 (OSVDB)
1022525 (SECTRACK)
http://support.apple.com/kb/HT3860 (CONFIRM)
36677 (SECUNIA)
APPLE-SA-2009-09-09-1 (APPLE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
oval:org.mitre.oval:def:6208 (OVAL)
CVE: CVE-2009-1725
CVE: CVE-2009-1725
Id:
CVE-2009-1725
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725
Comment
: WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
http://support.apple.com/kb/HT3666 (CONFIRM)
APPLE-SA-2009-07-08-1 (APPLE)
35607 (BID)
35758 (SECUNIA)
1022526 (SECTRACK)
55739 (OSVDB)
ADV-2009-1827 (VUPEN)
36062 (SECUNIA)
FEDORA-2009-8046 (FEDORA)
FEDORA-2009-8020 (FEDORA)
FEDORA-2009-8049 (FEDORA)
FEDORA-2009-8039 (FEDORA)
36057 (SECUNIA)
http://websvn.kde.org/?view=rev&revision=1002164 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=513813 (CONFIRM)
http://websvn.kde.org/?view=rev&revision=1002162 (CONFIRM)
FEDORA-2009-8800 (FEDORA)
http://websvn.kde.org/?view=rev&revision=1002163 (CONFIRM)
FEDORA-2009-8802 (FEDORA)
36347 (SECUNIA)
http://support.apple.com/kb/HT3860 (CONFIRM)
36677 (SECUNIA)
APPLE-SA-2009-09-09-1 (APPLE)
DSA-1950 (DEBIAN)
37746 (SECUNIA)
MDVSA-2009:330 (MANDRIVA)
USN-857-1 (UBUNTU)
36790 (SECUNIA)
USN-836-1 (UBUNTU)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:5777 (OVAL)
CVE: CVE-2009-2195
CVE: CVE-2009-2195
Id:
CVE-2009-2195
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2195
Comment
: Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
APPLE-SA-2009-08-11-1 (APPLE)
APPLE-SA-2010-06-21-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
http://support.apple.com/kb/HT3733 (CONFIRM)
http://support.apple.com/kb/HT4225 (CONFIRM)
36023 (BID)
1022717 (SECTRACK)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-2199
CVE: CVE-2009-2199
Id:
CVE-2009-2199
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2199
Comment
: Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P
CWE:
CWE-Other ()
References:
APPLE-SA-2009-08-11-1 (APPLE)
http://support.apple.com/kb/HT3733 (CONFIRM)
36026 (BID)
1022719 (SECTRACK)
http://support.apple.com/kb/HT3860 (CONFIRM)
36677 (SECUNIA)
APPLE-SA-2009-09-09-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
CVE: CVE-2009-2200
CVE: CVE-2009-2200
Id:
CVE-2009-2200
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2200
Comment
: WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:N/A:N
CWE:
200 (Information Exposure)
References:
APPLE-SA-2009-08-11-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
http://support.apple.com/kb/HT3733 (CONFIRM)
36024 (BID)
1022720 (SECTRACK)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-2419
CVE: CVE-2009-2419
Id:
CVE-2009-2419
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2419
Comment
: Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE:
399 (Resource Management Errors)
References:
SUSE-SR:2011:002 (SUSE)
http://marcell-dietl.de/index/adv_safari_4_x_js_reload_dos.php (MISC)
33495 (SECUNIA)
43068 (SECUNIA)
http://trac.webkit.org/changeset/44519 (CONFIRM)
55587 (OSVDB)
35555 (BID)
ADV-2011-0212 (VUPEN)
safari-servependingrequests-dos(51533) (XF)
CVE: CVE-2009-2797
CVE: CVE-2009-2797
Id:
CVE-2009-2797
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
Comment
: The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
APPLE-SA-2009-09-09-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
36677 (SECUNIA)
41856 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3860 (CONFIRM)
MDVSA-2011:039 (MANDRIVA)
36339 (BID)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
ADV-2011-0212 (VUPEN)
ADV-2011-0552 (VUPEN)
ipod-ipone-referer-info-disclosure(53187) (XF)
CVE: CVE-2009-2816
CVE: CVE-2009-2816
Id:
CVE-2009-2816
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2816
Comment
: The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
352 ()
References:
http://support.apple.com/kb/HT3949 (CONFIRM)
APPLE-SA-2009-11-11-1 (APPLE)
https://bugzilla.redhat.com/show_bug.cgi?id=525789 (CONFIRM)
FEDORA-2009-11487 (FEDORA)
FEDORA-2009-11491 (FEDORA)
37346 (SECUNIA)
ADV-2009-3217 (VUPEN)
36997 (BID)
37358 (SECUNIA)
ADV-2009-3233 (VUPEN)
37397 (SECUNIA)
59940 (OSVDB)
59967 (OSVDB)
1023165 (SECTRACK)
37393 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
safari-crossorigin-csrf(54239) (XF)
oval:org.mitre.oval:def:6516 (OVAL)
CVE: CVE-2009-2841
CVE: CVE-2009-2841
Id:
CVE-2009-2841
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
Comment
: The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
APPLE-SA-2009-11-11-1 (APPLE)
APPLE-SA-2010-02-02-1 (APPLE)
FEDORA-2010-11011 (FEDORA)
FEDORA-2010-11020 (FEDORA)
SUSE-SR:2011:002 (SUSE)
59941 (OSVDB)
37346 (SECUNIA)
40557 (SECUNIA)
41856 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3949 (CONFIRM)
http://support.apple.com/kb/HT4013 (CONFIRM)
http://threatpost.com/en_us/blogs/apple-patches-critical-safari-vulnerabilities-111109 (MISC)
http://trac.webkit.org/changeset/49480 (CONFIRM)
MDVSA-2011:039 (MANDRIVA)
36996 (BID)
1023167 (SECTRACK)
USN-1006-1 (UBUNTU)
ADV-2009-3217 (VUPEN)
ADV-2010-1801 (VUPEN)
ADV-2010-2722 (VUPEN)
ADV-2011-0212 (VUPEN)
ADV-2011-0552 (VUPEN)
https://bugzilla.redhat.com/show_bug.cgi?id=525791 (CONFIRM)
safari-5media-security-bypass(54242) (XF)
CVE: CVE-2009-3272
CVE: CVE-2009-3272
Id:
CVE-2009-3272
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3272
Comment
: Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
399 (Resource Management Errors)
References:
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
9606 (EXPLOIT-DB)
ADV-2011-0212 (VUPEN)
CVE: CVE-2009-3384
CVE: CVE-2009-3384
Id:
CVE-2009-3384
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3384
Comment
: Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
References:
APPLE-SA-2009-11-11-1 (APPLE)
APPLE-SA-2010-02-02-1 (APPLE)
SUSE-SR:2011:002 (SUSE)
59943 (OSVDB)
37346 (SECUNIA)
37393 (SECUNIA)
37397 (SECUNIA)
43068 (SECUNIA)
http://support.apple.com/kb/HT3949 (CONFIRM)
http://support.apple.com/kb/HT4013 (CONFIRM)
36995 (BID)
1023166 (SECTRACK)
ADV-2009-3217 (VUPEN)
ADV-2011-0212 (VUPEN)
https://bugzilla.redhat.com/show_bug.cgi?id=525788 (CONFIRM)
safari-ftp-code-execution(54241) (XF)
oval:org.mitre.oval:def:6362 (OVAL)
FEDORA-2009-11487 (FEDORA)
FEDORA-2009-11491 (FEDORA)
CVE: CVE-2009-3933
CVE: CVE-2009-3933
Id:
CVE-2009-3933
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3933
Comment
: WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
399 (Resource Management Errors)
References:
http://code.google.com/p/chromium/issues/detail?id=25892 (CONFIRM)
http://codereview.chromium.org/339039 (CONFIRM)
http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html (CONFIRM)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/webkit.gyp?r1=30311&r2=30310 (CONFIRM)
http://src.chromium.org/viewvc/chrome?view=rev&revision=30311 (CONFIRM)
http://trac.webkit.org/changeset/50173 (CONFIRM)
59745 (OSVDB)
ADV-2011-0212 (VUPEN)
https://bugs.webkit.org/show_bug.cgi?id=30833 (CONFIRM)
googlechrome-webkit-dos(54297) (XF)
CVE: CVE-2009-3934
CVE: CVE-2009-3934
Id:
CVE-2009-3934
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3934
Comment
: The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
http://code.google.com/p/chromium/issues/detail?id=22205 (CONFIRM)
http://codereview.chromium.org/326015 (CONFIRM)
http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html (CONFIRM)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/webframeloaderclient_impl.cc?r1=30772&r2=30771 (CONFIRM)
http://src.chromium.org/viewvc/chrome?view=rev&revision=30772 (CONFIRM)
59744 (OSVDB)
ADV-2011-0212 (VUPEN)
googlechrome-webframeloader-dos(54296) (XF)
CVE: CVE-2010-0046
CVE: CVE-2010-0046
Id:
CVE-2010-0046
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
Comment
: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
38671 (BID)
http://support.apple.com/kb/HT4070 (CONFIRM)
APPLE-SA-2010-03-11-1 (APPLE)
1023708 (SECTRACK)
FEDORA-2010-8360 (FEDORA)
FEDORA-2010-8423 (FEDORA)
FEDORA-2010-8379 (FEDORA)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7053 (OVAL)
CVE: CVE-2010-0047
CVE: CVE-2010-0047
Id:
CVE-2010-0047
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
38671 (BID)
http://support.apple.com/kb/HT4070 (CONFIRM)
APPLE-SA-2010-03-11-1 (APPLE)
1023708 (SECTRACK)
FEDORA-2010-8379 (FEDORA)
FEDORA-2010-8423 (FEDORA)
FEDORA-2010-8360 (FEDORA)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:6882 (OVAL)
CVE: CVE-2010-0048
CVE: CVE-2010-0048
Id:
CVE-2010-0048
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2010-03-11-1 (APPLE)
http://support.apple.com/kb/HT4070 (CONFIRM)
38671 (BID)
1023708 (SECTRACK)
FEDORA-2010-8379 (FEDORA)
FEDORA-2010-8423 (FEDORA)
FEDORA-2010-8360 (FEDORA)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7135 (OVAL)
CVE: CVE-2010-0049
CVE: CVE-2010-0049
Id:
CVE-2010-0049
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2010-03-11-1 (APPLE)
http://support.apple.com/kb/HT4070 (CONFIRM)
38671 (BID)
62942 (OSVDB)
1023708 (SECTRACK)
FEDORA-2010-8360 (FEDORA)
FEDORA-2010-8423 (FEDORA)
20100311 Multiple Vendor WebKit HTML Element Use After Free Vulnerability (IDEFENSE)
FEDORA-2010-8379 (FEDORA)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:6810 (OVAL)
CVE: CVE-2010-0050
CVE: CVE-2010-0050
Id:
CVE-2010-0050
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
http://support.apple.com/kb/HT4070 (CONFIRM)
APPLE-SA-2010-03-11-1 (APPLE)
38671 (BID)
1023708 (SECTRACK)
FEDORA-2010-8423 (FEDORA)
FEDORA-2010-8360 (FEDORA)
FEDORA-2010-8379 (FEDORA)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
safari-nested-html-code-exec(56836) (XF)
oval:org.mitre.oval:def:7587 (OVAL)
CVE: CVE-2010-0051
CVE: CVE-2010-0051
Id:
CVE-2010-0051
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
Comment
: WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
20 (Improper Input Validation)
References:
APPLE-SA-2010-03-11-1 (APPLE)
http://support.apple.com/kb/HT4070 (CONFIRM)
38671 (BID)
62944 (OSVDB)
1023708 (SECTRACK)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
http://websec.sv.cmu.edu/css/css.pdf (MISC)
http://code.google.com/p/chromium/issues/detail?id=9877 (MISC)
http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html (MISC)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
safari-stylesheet-info-disclosure(56837) (XF)
oval:org.mitre.oval:def:7554 (OVAL)
CVE: CVE-2010-0052
CVE: CVE-2010-0052
Id:
CVE-2010-0052
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
http://support.apple.com/kb/HT4070 (CONFIRM)
38671 (BID)
APPLE-SA-2010-03-11-1 (APPLE)
1023708 (SECTRACK)
FEDORA-2010-8360 (FEDORA)
FEDORA-2010-8423 (FEDORA)
FEDORA-2010-8379 (FEDORA)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7403 (OVAL)
CVE: CVE-2010-0053
CVE: CVE-2010-0053
Id:
CVE-2010-0053
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2010-03-11-1 (APPLE)
38671 (BID)
http://support.apple.com/kb/HT4070 (CONFIRM)
62948 (OSVDB)
1023708 (SECTRACK)
FEDORA-2010-8423 (FEDORA)
FEDORA-2010-8360 (FEDORA)
FEDORA-2010-8379 (FEDORA)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7323 (OVAL)
CVE: CVE-2010-0054
CVE: CVE-2010-0054
Id:
CVE-2010-0054
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2010-03-11-1 (APPLE)
38671 (BID)
http://support.apple.com/kb/HT4070 (CONFIRM)
62949 (OSVDB)
1023708 (SECTRACK)
FEDORA-2010-8379 (FEDORA)
FEDORA-2010-8360 (FEDORA)
FEDORA-2010-8423 (FEDORA)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:6915 (OVAL)
CVE: CVE-2010-0315
CVE: CVE-2010-0315
Id:
CVE-2010-0315
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0315
Comment
: WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html (MISC)
https://bugs.webkit.org/show_bug.cgi?id=33683 (CONFIRM)
38177 (BID)
1023583 (SECTRACK)
http://trac.webkit.org/changeset/53607 (CONFIRM)
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs (CONFIRM)
http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html (CONFIRM)
ADV-2010-0361 (VUPEN)
http://code.google.com/p/chromium/issues/detail?id=32309 (CONFIRM)
38545 (SECUNIA)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
googlechrome-iframe-info-disc(56215) (XF)
google-chrome-href-info-disclosure(55683) (XF)
oval:org.mitre.oval:def:14452 (OVAL)
CVE: CVE-2010-0647
CVE: CVE-2010-0647
Id:
CVE-2010-0647
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
Comment
: WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
http://trac.webkit.org/changeset/53525 (CONFIRM)
38177 (BID)
1023583 (SECTRACK)
ADV-2010-0361 (VUPEN)
http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=31692 (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=33266 (CONFIRM)
62317 (OSVDB)
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs (CONFIRM)
38545 (SECUNIA)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
googlechrome-ruby-tags-code-exec(56214) (XF)
oval:org.mitre.oval:def:14094 (OVAL)
CVE: CVE-2010-0650
CVE: CVE-2010-0650
Id:
CVE-2010-0650
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
Comment
: WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
https://bugs.webkit.org/show_bug.cgi?id=21501 (CONFIRM)
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=3275 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html (CONFIRM)
1023506 (SECTRACK)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
38373 (BID)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:13791 (OVAL)
CVE: CVE-2010-0651
CVE: CVE-2010-0651
Id:
CVE-2010-0651
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
Comment
: WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
1023506 (SECTRACK)
http://trac.webkit.org/changeset/52784 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html (CONFIRM)
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=29820 (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=9877 (CONFIRM)
http://websec.sv.cmu.edu/css/css.pdf (MISC)
http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html (MISC)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:13653 (OVAL)
CVE: CVE-2010-0656
CVE: CVE-2010-0656
Id:
CVE-2010-0656
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
Comment
: WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
http://trac.webkit.org/changeset/51295 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html (CONFIRM)
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs (CONFIRM)
1023506 (SECTRACK)
http://code.google.com/p/chromium/issues/detail?id=20450 (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=31329 (CONFIRM)
38372 (BID)
FEDORA-2010-8423 (FEDORA)
FEDORA-2010-8360 (FEDORA)
FEDORA-2010-8379 (FEDORA)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:14501 (OVAL)
CVE: CVE-2010-0659
CVE: CVE-2010-0659
Id:
CVE-2010-0659
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0659
Comment
: The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
http://code.google.com/p/chromium/issues/detail?id=28566 (CONFIRM)
http://trac.webkit.org/changeset/52833 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html (CONFIRM)
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs (CONFIRM)
1023506 (SECTRACK)
https://bugs.webkit.org/show_bug.cgi?id=33231 (CONFIRM)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:14079 (OVAL)
CVE: CVE-2010-0661
CVE: CVE-2010-0661
Id:
CVE-2010-0661
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0661
Comment
: WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
http://trac.webkit.org/changeset/52401 (CONFIRM)
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs (CONFIRM)
1023506 (SECTRACK)
https://bugs.webkit.org/show_bug.cgi?id=32647 (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=30660 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html (CONFIRM)
http://flock.com/security/ (CONFIRM)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
oval:org.mitre.oval:def:14482 (OVAL)
CVE: CVE-2010-1029
CVE: CVE-2010-1029
Id:
CVE-2010-1029
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1029
Comment
: Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
399 (Resource Management Errors)
References:
38398 (BID)
11567 (EXPLOIT-DB)
11574 (EXPLOIT-DB)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
webkit-cssselector-dos(56527) (XF)
safari-chrome-css-bo(56524) (XF)
oval:org.mitre.oval:def:14301 (OVAL)
CVE: CVE-2010-1126
CVE: CVE-2010-1126
Id:
CVE-2010-1126
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1126
Comment
: The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE:
200 (Information Exposure)
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=552255 (MISC)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
20100313 ...because you can't get enough of clickjacking (BUGTRAQ)
CVE: CVE-2010-1233
CVE: CVE-2010-1233
Id:
CVE-2010-1233
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1233
Comment
: Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=35724 (CONFIRM)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
oval:org.mitre.oval:def:14023 (OVAL)
CVE: CVE-2010-1236
CVE: CVE-2010-1236
Id:
CVE-2010-1236
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1236
Comment
: The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
http://code.google.com/p/chromium/issues/detail?id=37383 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html (CONFIRM)
http://flock.com/security/ (CONFIRM)
http://src.chromium.org/viewvc/chrome?view=rev&revision=41244 (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=35948 (CONFIRM)
http://codereview.chromium.org/858001 (CONFIRM)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:14067 (OVAL)
CVE: CVE-2010-1386
CVE: CVE-2010-1386
Id:
CVE-2010-1386
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
Comment
: page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
http://trac.webkit.org/changeset/56188 (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=36255 (CONFIRM)
http://security-tracker.debian.org/tracker/CVE-2010-1386 (CONFIRM)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
42500 (BID)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
CVE: CVE-2010-1387
CVE: CVE-2010-1387
Id:
CVE-2010-1387
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
Comment
: Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
1024108 (SECTRACK)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-21-1 (APPLE)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
41016 (BID)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
itunes-webkit-unspecified-var1(59506) (XF)
oval:org.mitre.oval:def:7061 (OVAL)
CVE: CVE-2010-1388
CVE: CVE-2010-1388
Id:
CVE-2010-1388
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1388
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
1024067 (SECTRACK)
40105 (SECUNIA)
http://support.apple.com/kb/HT4196 (CONFIRM)
40620 (BID)
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
40752 (BID)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
CVE: CVE-2010-1389
CVE: CVE-2010-1389
Id:
CVE-2010-1389
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
APPLE-SA-2010-06-07-1 (APPLE)
40620 (BID)
ADV-2010-1373 (VUPEN)
40105 (SECUNIA)
http://support.apple.com/kb/HT4196 (CONFIRM)
1024067 (SECTRACK)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:6649 (OVAL)
CVE: CVE-2010-1390
CVE: CVE-2010-1390
Id:
CVE-2010-1390
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
http://support.apple.com/kb/HT4196 (CONFIRM)
40105 (SECUNIA)
40620 (BID)
1024067 (SECTRACK)
APPLE-SA-2010-06-07-1 (APPLE)
ADV-2010-1373 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
40196 (SECUNIA)
APPLE-SA-2010-06-21-1 (APPLE)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:6888 (OVAL)
CVE: CVE-2010-1391
CVE: CVE-2010-1391
Id:
CVE-2010-1391
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
Comment
: Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))
References:
http://support.apple.com/kb/HT4196 (CONFIRM)
40105 (SECUNIA)
40620 (BID)
APPLE-SA-2010-06-07-1 (APPLE)
1024067 (SECTRACK)
ADV-2010-1373 (VUPEN)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
40753 (BID)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7082 (OVAL)
CVE: CVE-2010-1392
CVE: CVE-2010-1392
Id:
CVE-2010-1392
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
40105 (SECUNIA)
40620 (BID)
http://support.apple.com/kb/HT4196 (CONFIRM)
ADV-2010-1373 (VUPEN)
1024067 (SECTRACK)
APPLE-SA-2010-06-07-1 (APPLE)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7024 (OVAL)
20100608 VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392) (BUGTRAQ)
CVE: CVE-2010-1393
CVE: CVE-2010-1393
Id:
CVE-2010-1393
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
Comment
: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
1024067 (SECTRACK)
40620 (BID)
40105 (SECUNIA)
http://support.apple.com/kb/HT4196 (CONFIRM)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-16-1 (APPLE)
APPLE-SA-2010-06-21-1 (APPLE)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7346 (OVAL)
CVE: CVE-2010-1394
CVE: CVE-2010-1394
Id:
CVE-2010-1394
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
40105 (SECUNIA)
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
40620 (BID)
1024067 (SECTRACK)
http://support.apple.com/kb/HT4196 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7552 (OVAL)
CVE: CVE-2010-1395
CVE: CVE-2010-1395
Id:
CVE-2010-1395
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
1024067 (SECTRACK)
APPLE-SA-2010-06-07-1 (APPLE)
http://support.apple.com/kb/HT4196 (CONFIRM)
ADV-2010-1373 (VUPEN)
40620 (BID)
40105 (SECUNIA)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-16-1 (APPLE)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7464 (OVAL)
CVE: CVE-2010-1396
CVE: CVE-2010-1396
Id:
CVE-2010-1396
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
1024067 (SECTRACK)
40105 (SECUNIA)
40620 (BID)
APPLE-SA-2010-06-07-1 (APPLE)
ADV-2010-1373 (VUPEN)
http://support.apple.com/kb/HT4196 (CONFIRM)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-21-1 (APPLE)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
40647 (BID)
http://www.zerodayinitiative.com/advisories/ZDI-10-092 (MISC)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7288 (OVAL)
CVE: CVE-2010-1397
CVE: CVE-2010-1397
Id:
CVE-2010-1397
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
40620 (BID)
1024067 (SECTRACK)
40105 (SECUNIA)
http://support.apple.com/kb/HT4196 (CONFIRM)
http://www.zerodayinitiative.com/advisories/ZDI-10-095 (MISC)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
40196 (SECUNIA)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:6912 (OVAL)
20100608 ZDI-10-095: Apple Webkit DOCUMENT_POSITION_DISCONNECTED Attribute Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-1398
CVE: CVE-2010-1398
Id:
CVE-2010-1398
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
40105 (SECUNIA)
1024067 (SECTRACK)
40620 (BID)
http://support.apple.com/kb/HT4196 (CONFIRM)
http://www.zerodayinitiative.com/advisories/ZDI-10-097 (MISC)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
40196 (SECUNIA)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7556 (OVAL)
20100608 ZDI-10-097: Apple Webkit ContentEditable moveParagraphs Uninitialized Element Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-1399
CVE: CVE-2010-1399
Id:
CVE-2010-1399
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1399
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
40620 (BID)
http://support.apple.com/kb/HT4196 (CONFIRM)
40105 (SECUNIA)
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
1024067 (SECTRACK)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
oval:org.mitre.oval:def:6709 (OVAL)
CVE: CVE-2010-1400
CVE: CVE-2010-1400
Id:
CVE-2010-1400
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
http://support.apple.com/kb/HT4196 (CONFIRM)
40620 (BID)
1024067 (SECTRACK)
APPLE-SA-2010-06-07-1 (APPLE)
40105 (SECUNIA)
ADV-2010-1373 (VUPEN)
20100607 Multiple Vendor WebKit HTML Caption Use After Free Vulnerability (IDEFENSE)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7031 (OVAL)
CVE: CVE-2010-1401
CVE: CVE-2010-1401
Id:
CVE-2010-1401
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
Comment
: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
40105 (SECUNIA)
ADV-2010-1373 (VUPEN)
40620 (BID)
1024067 (SECTRACK)
APPLE-SA-2010-06-07-1 (APPLE)
http://support.apple.com/kb/HT4196 (CONFIRM)
http://www.zerodayinitiative.com/advisories/ZDI-10-098 (MISC)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4225 (CONFIRM)
40196 (SECUNIA)
APPLE-SA-2010-06-21-1 (APPLE)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:6981 (OVAL)
20100608 ZDI-10-098: Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-1402
CVE: CVE-2010-1402
Id:
CVE-2010-1402
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
Comment
: Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2010-06-07-1 (APPLE)
ADV-2010-1373 (VUPEN)
40105 (SECUNIA)
40620 (BID)
1024067 (SECTRACK)
http://support.apple.com/kb/HT4196 (CONFIRM)
http://www.zerodayinitiative.com/advisories/ZDI-10-100 (MISC)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-21-1 (APPLE)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7071 (OVAL)
20100608 ZDI-10-100: Apple Webkit ConditionEventListener Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-1403
CVE: CVE-2010-1403
Id:
CVE-2010-1403
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
APPLE-SA-2010-06-07-1 (APPLE)
1024067 (SECTRACK)
40105 (SECUNIA)
ADV-2010-1373 (VUPEN)
40620 (BID)
http://support.apple.com/kb/HT4196 (CONFIRM)
http://www.zerodayinitiative.com/advisories/ZDI-10-099/ (MISC)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
http://support.apple.com/kb/HT4225 (CONFIRM)
40196 (SECUNIA)
APPLE-SA-2010-06-21-1 (APPLE)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7519 (OVAL)
20100608 ZDI-10-099: Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-1404
CVE: CVE-2010-1404
Id:
CVE-2010-1404
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2010-06-07-1 (APPLE)
ADV-2010-1373 (VUPEN)
40105 (SECUNIA)
40620 (BID)
1024067 (SECTRACK)
http://support.apple.com/kb/HT4196 (CONFIRM)
http://www.zerodayinitiative.com/advisories/ZDI-10-096 (MISC)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7497 (OVAL)
20100608 ZDI-10-096: Apple Webkit Recursive Use Element Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-1405
CVE: CVE-2010-1405
Id:
CVE-2010-1405
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
40620 (BID)
APPLE-SA-2010-06-07-1 (APPLE)
1024067 (SECTRACK)
ADV-2010-1373 (VUPEN)
http://support.apple.com/kb/HT4196 (CONFIRM)
40105 (SECUNIA)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-16-1 (APPLE)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
40659 (BID)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7252 (OVAL)
CVE: CVE-2010-1406
CVE: CVE-2010-1406
Id:
CVE-2010-1406
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
40620 (BID)
APPLE-SA-2010-06-07-1 (APPLE)
1024067 (SECTRACK)
http://support.apple.com/kb/HT4196 (CONFIRM)
ADV-2010-1373 (VUPEN)
40105 (SECUNIA)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7197 (OVAL)
CVE: CVE-2010-1407
CVE: CVE-2010-1407
Id:
CVE-2010-1407
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
Comment
: WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
41016 (BID)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
appleios-historyreplace-info-disclosure(59629) (XF)
CVE: CVE-2010-1408
CVE: CVE-2010-1408
Id:
CVE-2010-1408
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
http://support.apple.com/kb/HT4196 (CONFIRM)
40620 (BID)
1024067 (SECTRACK)
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
40105 (SECUNIA)
40697 (BID)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
40196 (SECUNIA)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7295 (OVAL)
CVE: CVE-2010-1409
CVE: CVE-2010-1409
Id:
CVE-2010-1409
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
Comment
: Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE:
CWE-Other ()
References:
40105 (SECUNIA)
1024067 (SECTRACK)
http://support.apple.com/kb/HT4196 (CONFIRM)
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
40620 (BID)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
40196 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:6836 (OVAL)
CVE: CVE-2010-1410
CVE: CVE-2010-1410
Id:
CVE-2010-1410
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
APPLE-SA-2010-06-07-1 (APPLE)
ADV-2010-1373 (VUPEN)
40620 (BID)
1024067 (SECTRACK)
http://support.apple.com/kb/HT4196 (CONFIRM)
40105 (SECUNIA)
40657 (BID)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-16-1 (APPLE)
40196 (SECUNIA)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7150 (OVAL)
CVE: CVE-2010-1412
CVE: CVE-2010-1412
Id:
CVE-2010-1412
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
40620 (BID)
1024067 (SECTRACK)
ADV-2010-1373 (VUPEN)
http://support.apple.com/kb/HT4196 (CONFIRM)
APPLE-SA-2010-06-07-1 (APPLE)
40105 (SECUNIA)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-16-1 (APPLE)
40196 (SECUNIA)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7606 (OVAL)
CVE: CVE-2010-1413
CVE: CVE-2010-1413
Id:
CVE-2010-1413
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1413
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
310 (Cryptographic Issues)
References:
1024067 (SECTRACK)
40620 (BID)
ADV-2010-1373 (VUPEN)
http://support.apple.com/kb/HT4196 (CONFIRM)
40105 (SECUNIA)
APPLE-SA-2010-06-07-1 (APPLE)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
40733 (BID)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:7255 (OVAL)
CVE: CVE-2010-1414
CVE: CVE-2010-1414
Id:
CVE-2010-1414
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
1024067 (SECTRACK)
40105 (SECUNIA)
http://support.apple.com/kb/HT4196 (CONFIRM)
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
40620 (BID)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
40196 (SECUNIA)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7041 (OVAL)
CVE: CVE-2010-1415
CVE: CVE-2010-1415
Id:
CVE-2010-1415
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
40620 (BID)
40105 (SECUNIA)
1024067 (SECTRACK)
http://support.apple.com/kb/HT4196 (CONFIRM)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-21-1 (APPLE)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7374 (OVAL)
CVE: CVE-2010-1416
CVE: CVE-2010-1416
Id:
CVE-2010-1416
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
40620 (BID)
ADV-2010-1373 (VUPEN)
http://support.apple.com/kb/HT4196 (CONFIRM)
APPLE-SA-2010-06-07-1 (APPLE)
1024067 (SECTRACK)
40105 (SECUNIA)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
40196 (SECUNIA)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7401 (OVAL)
CVE: CVE-2010-1417
CVE: CVE-2010-1417
Id:
CVE-2010-1417
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
Comment
: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://support.apple.com/kb/HT4196 (CONFIRM)
1024067 (SECTRACK)
40105 (SECUNIA)
40620 (BID)
APPLE-SA-2010-06-07-1 (APPLE)
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
40672 (BID)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:6876 (OVAL)
CVE: CVE-2010-1418
CVE: CVE-2010-1418
Id:
CVE-2010-1418
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
ADV-2010-1373 (VUPEN)
1024067 (SECTRACK)
APPLE-SA-2010-06-07-1 (APPLE)
http://support.apple.com/kb/HT4196 (CONFIRM)
40620 (BID)
40105 (SECUNIA)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
40196 (SECUNIA)
APPLE-SA-2010-06-21-1 (APPLE)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:6871 (OVAL)
CVE: CVE-2010-1419
CVE: CVE-2010-1419
Id:
CVE-2010-1419
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
40105 (SECUNIA)
40620 (BID)
1024067 (SECTRACK)
http://support.apple.com/kb/HT4196 (CONFIRM)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-16-1 (APPLE)
40196 (SECUNIA)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7314 (OVAL)
CVE: CVE-2010-1421
CVE: CVE-2010-1421
Id:
CVE-2010-1421
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
Comment
: The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
40620 (BID)
ADV-2010-1373 (VUPEN)
1024067 (SECTRACK)
APPLE-SA-2010-06-07-1 (APPLE)
40105 (SECUNIA)
http://support.apple.com/kb/HT4196 (CONFIRM)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
40196 (SECUNIA)
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:6739 (OVAL)
CVE: CVE-2010-1422
CVE: CVE-2010-1422
Id:
CVE-2010-1422
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
40620 (BID)
40105 (SECUNIA)
http://support.apple.com/kb/HT4196 (CONFIRM)
ADV-2010-1373 (VUPEN)
1024067 (SECTRACK)
APPLE-SA-2010-06-07-1 (APPLE)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
40196 (SECUNIA)
https://bugzilla.mozilla.org/show_bug.cgi?id=552255 (MISC)
http://support.apple.com/kb/HT4334 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7591 (OVAL)
CVE: CVE-2010-1729
CVE: CVE-2010-1729
Id:
CVE-2010-1729
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1729
Comment
: WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE:
399 (Resource Management Errors)
References:
http://h.ackack.net/?p=258 (MISC)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
CVE: CVE-2010-1749
CVE: CVE-2010-1749
Id:
CVE-2010-1749
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1749
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
ADV-2010-1373 (VUPEN)
http://support.apple.com/kb/HT4196 (CONFIRM)
40105 (SECUNIA)
1024067 (SECTRACK)
40620 (BID)
APPLE-SA-2010-06-07-1 (APPLE)
http://www.zerodayinitiative.com/advisories/ZDI-10-101 (MISC)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
40196 (SECUNIA)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
oval:org.mitre.oval:def:7180 (OVAL)
20100608 ZDI-10-101: Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-1757
CVE: CVE-2010-1757
Id:
CVE-2010-1757
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1757
Comment
: WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
CVSSv2 Score:
6.4
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
41016 (BID)
41068 (BID)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
CVE: CVE-2010-1758
CVE: CVE-2010-1758
Id:
CVE-2010-1758
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
ADV-2010-1373 (VUPEN)
40105 (SECUNIA)
1024067 (SECTRACK)
http://support.apple.com/kb/HT4196 (CONFIRM)
40620 (BID)
APPLE-SA-2010-06-07-1 (APPLE)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7335 (OVAL)
CVE: CVE-2010-1759
CVE: CVE-2010-1759
Id:
CVE-2010-1759
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
ADV-2010-1373 (VUPEN)
40105 (SECUNIA)
APPLE-SA-2010-06-07-1 (APPLE)
40620 (BID)
http://support.apple.com/kb/HT4196 (CONFIRM)
1024067 (SECTRACK)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7005 (OVAL)
CVE: CVE-2010-1760
CVE: CVE-2010-1760
Id:
CVE-2010-1760
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
Comment
: loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE:
255 (Credentials Management)
References:
42494 (BID)
https://bugs.webkit.org/show_bug.cgi?id=37781 (CONFIRM)
http://trac.webkit.org/changeset/58409 (CONFIRM)
http://security-tracker.debian.org/tracker/CVE-2010-1760 (CONFIRM)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
CVE: CVE-2010-1761
CVE: CVE-2010-1761
Id:
CVE-2010-1761
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
40105 (SECUNIA)
40620 (BID)
APPLE-SA-2010-06-07-1 (APPLE)
http://support.apple.com/kb/HT4196 (CONFIRM)
ADV-2010-1373 (VUPEN)
1024067 (SECTRACK)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
40196 (SECUNIA)
http://support.apple.com/kb/HT4225 (CONFIRM)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7157 (OVAL)
CVE: CVE-2010-1762
CVE: CVE-2010-1762
Id:
CVE-2010-1762
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
Comment
: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
40620 (BID)
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
1024067 (SECTRACK)
40105 (SECUNIA)
http://support.apple.com/kb/HT4196 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7503 (OVAL)
CVE: CVE-2010-1763
CVE: CVE-2010-1763
Id:
CVE-2010-1763
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1763
Comment
: Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-16-1 (APPLE)
1024108 (SECTRACK)
ADV-2010-1512 (VUPEN)
40196 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
itunes-webkit-unspecified-var2(59507) (XF)
oval:org.mitre.oval:def:7221 (OVAL)
CVE: CVE-2010-1764
CVE: CVE-2010-1764
Id:
CVE-2010-1764
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
40105 (SECUNIA)
APPLE-SA-2010-06-07-1 (APPLE)
1024067 (SECTRACK)
40620 (BID)
ADV-2010-1373 (VUPEN)
http://support.apple.com/kb/HT4196 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7347 (OVAL)
CVE: CVE-2010-1766
CVE: CVE-2010-1766
Id:
CVE-2010-1766
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
Comment
: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
189 (Numeric Errors)
References:
https://bugs.webkit.org/show_bug.cgi?id=36339 (CONFIRM)
ADV-2010-1801 (VUPEN)
FEDORA-2010-11020 (FEDORA)
https://bugzilla.redhat.com/show_bug.cgi?id=596494 (CONFIRM)
40557 (SECUNIA)
http://trac.webkit.org/changeset/56380 (CONFIRM)
FEDORA-2010-11011 (FEDORA)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
CVE: CVE-2010-1767
CVE: CVE-2010-1767
Id:
CVE-2010-1767
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
Comment
: Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
352 ()
References:
http://security-tracker.debian.org/tracker/CVE-2010-1767 (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=39698 (CONFIRM)
64002 (OSVDB)
39544 (SECUNIA)
https://bugs.webkit.org/show_bug.cgi?id=36843 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html (CONFIRM)
39603 (BID)
http://trac.webkit.org/changeset/57041 (CONFIRM)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11140 (OVAL)
CVE: CVE-2010-1769
CVE: CVE-2010-1769
Id:
CVE-2010-1769
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1769
Comment
: WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
APPLE-SA-2010-06-16-1 (APPLE)
1024108 (SECTRACK)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-21-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
41016 (BID)
40196 (SECUNIA)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
itunes-webkit-unspecified-var3(59508) (XF)
oval:org.mitre.oval:def:7178 (OVAL)
CVE: CVE-2010-1770
CVE: CVE-2010-1770
Id:
CVE-2010-1770
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
1024067 (SECTRACK)
ADV-2010-1373 (VUPEN)
APPLE-SA-2010-06-07-1 (APPLE)
http://support.apple.com/kb/HT4196 (CONFIRM)
40620 (BID)
40105 (SECUNIA)
http://zerodayinitiative.com/advisories/ZDI-10-093/ (MISC)
http://code.google.com/p/chromium/issues/detail?id=43487 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html (CONFIRM)
40072 (SECUNIA)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
40196 (SECUNIA)
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:7099 (OVAL)
CVE: CVE-2010-1771
CVE: CVE-2010-1771
Id:
CVE-2010-1771
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
http://support.apple.com/kb/HT4196 (CONFIRM)
APPLE-SA-2010-06-07-1 (APPLE)
40620 (BID)
1024067 (SECTRACK)
40105 (SECUNIA)
ADV-2010-1373 (VUPEN)
http://support.apple.com/kb/HT4220 (CONFIRM)
APPLE-SA-2010-06-16-1 (APPLE)
ADV-2010-1512 (VUPEN)
40196 (SECUNIA)
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
safari-webkit-fonts-ce(59214) (XF)
oval:org.mitre.oval:def:6862 (OVAL)
CVE: CVE-2010-1772
CVE: CVE-2010-1772
Id:
CVE-2010-1772
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
Comment
: Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
40072 (SECUNIA)
https://bugs.webkit.org/show_bug.cgi?id=39388 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html (CONFIRM)
http://trac.webkit.org/changeset/59859 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=596498 (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=44868 (CONFIRM)
ADV-2010-1801 (VUPEN)
FEDORA-2010-11020 (FEDORA)
FEDORA-2010-11011 (FEDORA)
40557 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11661 (OVAL)
CVE: CVE-2010-1773
CVE: CVE-2010-1773
Id:
CVE-2010-1773
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
Comment
: Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
193 (Off-by-one Error)
References:
FEDORA-2010-11011 (FEDORA)
40072 (SECUNIA)
https://bugzilla.redhat.com/show_bug.cgi?id=596500 (CONFIRM)
FEDORA-2010-11020 (FEDORA)
http://trac.webkit.org/changeset/59950 (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=39508 (CONFIRM)
40557 (SECUNIA)
ADV-2010-1801 (VUPEN)
http://code.google.com/p/chromium/issues/detail?id=44955 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html (CONFIRM)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
41575 (BID)
oval:org.mitre.oval:def:11830 (OVAL)
CVE: CVE-2010-1774
CVE: CVE-2010-1774
Id:
CVE-2010-1774
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
Comment
: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
1024067 (SECTRACK)
40105 (SECUNIA)
40620 (BID)
ADV-2010-1373 (VUPEN)
http://support.apple.com/kb/HT4196 (CONFIRM)
APPLE-SA-2010-06-07-1 (APPLE)
http://support.apple.com/kb/HT4220 (CONFIRM)
ADV-2010-1512 (VUPEN)
APPLE-SA-2010-06-16-1 (APPLE)
http://support.apple.com/kb/HT4225 (CONFIRM)
APPLE-SA-2010-06-21-1 (APPLE)
40196 (SECUNIA)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
safari-webkit-htmltables-ce(59218) (XF)
oval:org.mitre.oval:def:7476 (OVAL)
CVE: CVE-2010-1780
CVE: CVE-2010-1780
Id:
CVE-2010-1780
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
http://support.apple.com/kb/HT4276 (CONFIRM)
42020 (BID)
APPLE-SA-2010-07-28-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
RHSA-2011:0177 (REDHAT)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0216 (VUPEN)
43086 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:10964 (OVAL)
CVE: CVE-2010-1781
CVE: CVE-2010-1781
Id:
CVE-2010-1781
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
Comment
: Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
43077 (BID)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
SUSE-SR:2010:018 (SUSE)
42314 (SECUNIA)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
appleios-inline-elements-code-exec(61698) (XF)
CVE: CVE-2010-1782
CVE: CVE-2010-1782
Id:
CVE-2010-1782
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
Comment
: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://support.apple.com/kb/HT4276 (CONFIRM)
APPLE-SA-2010-07-28-1 (APPLE)
42020 (BID)
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
SUSE-SR:2010:018 (SUSE)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43086 (SECUNIA)
ADV-2011-0212 (VUPEN)
ADV-2011-0216 (VUPEN)
RHSA-2011:0177 (REDHAT)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11935 (OVAL)
CVE: CVE-2010-1783
CVE: CVE-2010-1783
Id:
CVE-2010-1783
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
Comment
: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
42020 (BID)
APPLE-SA-2010-07-28-1 (APPLE)
http://support.apple.com/kb/HT4276 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
ADV-2011-0216 (VUPEN)
RHSA-2011:0177 (REDHAT)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43086 (SECUNIA)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
DSA-2188 (DEBIAN)
oval:org.mitre.oval:def:11820 (OVAL)
CVE: CVE-2010-1784
CVE: CVE-2010-1784
Id:
CVE-2010-1784
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
Comment
: The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
APPLE-SA-2010-07-28-1 (APPLE)
42020 (BID)
http://support.apple.com/kb/HT4276 (CONFIRM)
http://support.apple.com/kb/HT4334 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
SUSE-SR:2010:018 (SUSE)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
ADV-2011-0216 (VUPEN)
RHSA-2011:0177 (REDHAT)
SUSE-SR:2011:002 (SUSE)
43086 (SECUNIA)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11766 (OVAL)
CVE: CVE-2010-1785
CVE: CVE-2010-1785
Id:
CVE-2010-1785
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
Comment
: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://support.apple.com/kb/HT4276 (CONFIRM)
APPLE-SA-2010-07-28-1 (APPLE)
42020 (BID)
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
SUSE-SR:2010:018 (SUSE)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
43086 (SECUNIA)
RHSA-2011:0177 (REDHAT)
ADV-2011-0216 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11941 (OVAL)
CVE: CVE-2010-1786
CVE: CVE-2010-1786
Id:
CVE-2010-1786
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
42020 (BID)
APPLE-SA-2010-07-28-1 (APPLE)
http://support.apple.com/kb/HT4276 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
SUSE-SR:2010:018 (SUSE)
42314 (SECUNIA)
RHSA-2011:0177 (REDHAT)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
ADV-2011-0216 (VUPEN)
43086 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11837 (OVAL)
CVE: CVE-2010-1787
CVE: CVE-2010-1787
Id:
CVE-2010-1787
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
Comment
: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
42020 (BID)
APPLE-SA-2010-07-28-1 (APPLE)
http://support.apple.com/kb/HT4276 (CONFIRM)
http://support.apple.com/kb/HT4334 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
SUSE-SR:2010:018 (SUSE)
42314 (SECUNIA)
RHSA-2011:0177 (REDHAT)
ADV-2011-0216 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43086 (SECUNIA)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11877 (OVAL)
CVE: CVE-2010-1788
CVE: CVE-2010-1788
Id:
CVE-2010-1788
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
Comment
: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
42020 (BID)
APPLE-SA-2010-07-28-1 (APPLE)
http://support.apple.com/kb/HT4276 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
SUSE-SR:2010:018 (SUSE)
42314 (SECUNIA)
43068 (SECUNIA)
RHSA-2011:0177 (REDHAT)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43086 (SECUNIA)
ADV-2011-0216 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11962 (OVAL)
CVE: CVE-2010-1789
CVE: CVE-2010-1789
Id:
CVE-2010-1789
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1789
Comment
: Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
42020 (BID)
APPLE-SA-2010-07-28-1 (APPLE)
http://support.apple.com/kb/HT4276 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
oval:org.mitre.oval:def:11524 (OVAL)
CVE: CVE-2010-1790
CVE: CVE-2010-1790
Id:
CVE-2010-1790
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
Comment
: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
http://support.apple.com/kb/HT4276 (CONFIRM)
APPLE-SA-2010-07-28-1 (APPLE)
42020 (BID)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
SUSE-SR:2010:018 (SUSE)
43068 (SECUNIA)
ADV-2011-0216 (VUPEN)
43086 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
RHSA-2011:0177 (REDHAT)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11777 (OVAL)
CVE: CVE-2010-1791
CVE: CVE-2010-1791
Id:
CVE-2010-1791
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
Comment
: Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
42020 (BID)
http://support.apple.com/kb/HT4276 (CONFIRM)
APPLE-SA-2010-07-28-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11802 (OVAL)
CVE: CVE-2010-1792
CVE: CVE-2010-1792
Id:
CVE-2010-1792
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
Comment
: WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://support.apple.com/kb/HT4276 (CONFIRM)
42020 (BID)
APPLE-SA-2010-07-28-1 (APPLE)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
SUSE-SR:2010:018 (SUSE)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0216 (VUPEN)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
RHSA-2011:0177 (REDHAT)
43086 (SECUNIA)
http://support.apple.com/kb/HT4564 (CONFIRM)
MDVSA-2011:039 (MANDRIVA)
APPLE-SA-2011-03-09-1 (APPLE)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11898 (OVAL)
CVE: CVE-2010-1793
CVE: CVE-2010-1793
Id:
CVE-2010-1793
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
Comment
: Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
42020 (BID)
http://support.apple.com/kb/HT4276 (CONFIRM)
APPLE-SA-2010-07-28-1 (APPLE)
APPLE-SA-2010-09-08-1 (APPLE)
http://support.apple.com/kb/HT4334 (CONFIRM)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
SUSE-SR:2010:018 (SUSE)
42314 (SECUNIA)
ADV-2011-0216 (VUPEN)
RHSA-2011:0177 (REDHAT)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43086 (SECUNIA)
43068 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11923 (OVAL)
CVE: CVE-2010-1807
CVE: CVE-2010-1807
Id:
CVE-2010-1807
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
Comment
: WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
20 (Improper Input Validation)
References:
APPLE-SA-2010-09-07-1 (APPLE)
43047 (BID)
http://support.apple.com/kb/HT4333 (CONFIRM)
ADV-2010-2722 (VUPEN)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack (MISC)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
http://trac.webkit.org/changeset/64706 (CONFIRM)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
https://bugzilla.redhat.com/show_bug.cgi?id=627703 (CONFIRM)
ADV-2011-0212 (VUPEN)
RHSA-2011:0177 (REDHAT)
43086 (SECUNIA)
ADV-2011-0216 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11964 (OVAL)
CVE: CVE-2010-1812
CVE: CVE-2010-1812
Id:
CVE-2010-1812
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
Comment
: Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
399 (Resource Management Errors)
References:
http://support.apple.com/kb/HT4334 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
43079 (BID)
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-18-1 (APPLE)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
ADV-2011-0216 (VUPEN)
43086 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
RHSA-2011:0177 (REDHAT)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
appleios-selections-code-exec(61699) (XF)
CVE: CVE-2010-1813
CVE: CVE-2010-1813
Id:
CVE-2010-1813
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1813
Comment
: WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://support.apple.com/kb/HT4334 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
appleios-html-object-code-exec(61700) (XF)
CVE: CVE-2010-1814
CVE: CVE-2010-1814
Id:
CVE-2010-1814
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
Comment
: WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://support.apple.com/kb/HT4334 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
43083 (BID)
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
43086 (SECUNIA)
ADV-2011-0216 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
RHSA-2011:0177 (REDHAT)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
appleios-formmenus-code-exec(61701) (XF)
CVE: CVE-2010-1815
CVE: CVE-2010-1815
Id:
CVE-2010-1815
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
Comment
: Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
399 (Resource Management Errors)
References:
http://support.apple.com/kb/HT4334 (CONFIRM)
APPLE-SA-2010-09-08-1 (APPLE)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
43081 (BID)
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
RHSA-2011:0177 (REDHAT)
43086 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0216 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
appleios-scrollbars-code-exec(61702) (XF)
CVE: CVE-2010-1822
CVE: CVE-2010-1822
Id:
CVE-2010-1822
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1822
Comment
: WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
704 (Incorrect Type Conversion or Cast)
References:
http://code.google.com/p/chromium/issues/detail?id=55114 (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=45562 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html (CONFIRM)
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
oval:org.mitre.oval:def:6691 (OVAL)
CVE: CVE-2010-1823
CVE: CVE-2010-1823
Id:
CVE-2010-1823
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1823
Comment
: Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
416 (Use After Free)
References:
http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=44533 (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=43055 (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=50250 (CONFIRM)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
http://support.apple.com/kb/HT4808 (CONFIRM)
APPLE-SA-2011-07-20-1 (APPLE)
http://support.apple.com/kb/HT4981 (CONFIRM)
APPLE-SA-2011-10-11-1 (APPLE)
oval:org.mitre.oval:def:7405 (OVAL)
CVE: CVE-2010-1824
CVE: CVE-2010-1824
Id:
CVE-2010-1824
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1824
Comment
: Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
416 (Use After Free)
References:
http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=43260 (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=50712 (CONFIRM)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
http://www.zerodayinitiative.com/advisories/ZDI-11-095 (MISC)
http://support.apple.com/kb/HT4554 (CONFIRM)
APPLE-SA-2011-03-02-1 (APPLE)
http://support.apple.com/kb/HT4566 (CONFIRM)
oval:org.mitre.oval:def:7151 (OVAL)
CVE: CVE-2010-1825
CVE: CVE-2010-1825
Id:
CVE-2010-1825
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1825
Comment
: Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
416 (Use After Free)
References:
https://bugs.webkit.org/show_bug.cgi?id=43587 (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=51252 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html (CONFIRM)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
oval:org.mitre.oval:def:7202 (OVAL)
CVE: CVE-2010-2264
CVE: CVE-2010-2264
Id:
CVE-2010-2264
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
Comment
: The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
http://support.apple.com/kb/HT4196 (CONFIRM)
40620 (BID)
ADV-2010-1373 (VUPEN)
1024067 (SECTRACK)
APPLE-SA-2010-06-07-1 (APPLE)
40105 (SECUNIA)
40756 (BID)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
CVE: CVE-2010-2295
CVE: CVE-2010-2295
Id:
CVE-2010-2295
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2295
Comment
: page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: this might overlap CVE-2010-1422.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
20 (Improper Input Validation)
References:
http://code.google.com/p/chromium/issues/detail?id=15766 (CONFIRM)
http://src.chromium.org/viewvc/chrome/branches/WebKit/375/WebCore/page/EventHandler.cpp?r1=48067&r2=48066 (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=26824 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html (CONFIRM)
40072 (SECUNIA)
https://bugzilla.mozilla.org/show_bug.cgi?id=552255 (MISC)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
oval:org.mitre.oval:def:12003 (OVAL)
CVE: CVE-2010-2297
CVE: CVE-2010-2297
Id:
CVE-2010-2297
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2297
Comment
: rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
40072 (SECUNIA)
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=42723 (CONFIRM)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
oval:org.mitre.oval:def:11434 (OVAL)
CVE: CVE-2010-2300
CVE: CVE-2010-2300
Id:
CVE-2010-2300
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2300
Comment
: Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784. NOTE: this might overlap CVE-2010-1759.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE:
416 (Use After Free)
References:
40072 (SECUNIA)
http://code.google.com/p/chromium/issues/detail?id=43315 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html (CONFIRM)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
oval:org.mitre.oval:def:11357 (OVAL)
CVE: CVE-2010-2301
CVE: CVE-2010-2301
Id:
CVE-2010-2301
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2301
Comment
: Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html (CONFIRM)
40072 (SECUNIA)
http://code.google.com/p/chromium/issues/detail?id=43902 (CONFIRM)
https://bugs.webkit.org/show_bug.cgi?id=38922 (CONFIRM)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
oval:org.mitre.oval:def:11861 (OVAL)
CVE: CVE-2010-2302
CVE: CVE-2010-2302
Id:
CVE-2010-2302
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2302
Comment
: Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: this might overlap CVE-2010-1771.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE:
416 (Use After Free)
References:
40072 (SECUNIA)
http://code.google.com/p/chromium/issues/detail?id=44740 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html (CONFIRM)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
oval:org.mitre.oval:def:11948 (OVAL)
CVE: CVE-2010-2441
CVE: CVE-2010-2441
Id:
CVE-2010-2441
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2441
Comment
: WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=552255 (MISC)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
SUSE-SR:2011:009 (SUSE)
CVE: CVE-2010-3116
CVE: CVE-2010-3116
Id:
CVE-2010-3116
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
Comment
: Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE:
416 (Use After Free)
References:
http://code.google.com/p/chromium/issues/detail?id=51835 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=50515 (CONFIRM)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
ADV-2010-2722 (VUPEN)
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
44200 (BID)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
RHSA-2011:0177 (REDHAT)
ADV-2011-0216 (VUPEN)
43086 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:11909 (OVAL)
CVE: CVE-2010-3257
CVE: CVE-2010-3257
Id:
CVE-2010-3257
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
Comment
: Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
416 (Use After Free)
References:
http://code.google.com/p/chromium/issues/detail?id=52443 (CONFIRM)
http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html (CONFIRM)
USN-1006-1 (UBUNTU)
41856 (SECUNIA)
ADV-2010-2722 (VUPEN)
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
44204 (BID)
43086 (SECUNIA)
ADV-2011-0216 (VUPEN)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
RHSA-2011:0177 (REDHAT)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:12138 (OVAL)
CVE: CVE-2010-3259
CVE: CVE-2010-3259
Id:
CVE-2010-3259
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
Comment
: WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html (CONFIRM)
http://code.google.com/p/chromium/issues/detail?id=53001 (CONFIRM)
ADV-2010-2722 (VUPEN)
41856 (SECUNIA)
USN-1006-1 (UBUNTU)
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
44206 (BID)
ADV-2011-0216 (VUPEN)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
43086 (SECUNIA)
RHSA-2011:0177 (REDHAT)
SUSE-SR:2011:002 (SUSE)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
https://technet.microsoft.com/library/security/msvr11-002 (MISC)
oval:org.mitre.oval:def:11221 (OVAL)
CVE: CVE-2010-3312
CVE: CVE-2010-3312
Id:
CVE-2010-3312
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3312
Comment
: Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE:
CWE-Other ()
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564690 (CONFIRM)
[oss-security] 20100917 Re: CVE request: epiphany not checking ssl certs (MLIST)
http://blog.fefe.de/?ts=b26ca29d (MISC)
[oss-security] 20100921 Re: CVE request: epiphany not checking ssl certs (MLIST)
[oss-security] 20100917 Re: CVE request: epiphany not checking ssl certs (MLIST)
[oss-security] 20100920 Re: CVE request: epiphany not checking ssl certs (MLIST)
[oss-security] 20100917 Re: CVE request: epiphany not checking ssl certs (MLIST)
http://bugzilla-attachments.gnome.org/attachment.cgi?id=154330 (CONFIRM)
[oss-security] 20100917 Re: CVE request: epiphany not checking ssl certs (MLIST)
[oss-security] 20100917 CVE request: epiphany not checking ssl certs (MLIST)
https://bugzilla.gnome.org/show_bug.cgi?id=600663 (CONFIRM)
SUSE-SR:2010:023 (SUSE)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
CVE: CVE-2010-3803
CVE: CVE-2010-3803
Id:
CVE-2010-3803
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3803
Comment
: Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
safari-strings-code-execution(63346) (XF)
oval:org.mitre.oval:def:12130 (OVAL)
CVE: CVE-2010-3804
CVE: CVE-2010-3804
Id:
CVE-2010-3804
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3804
Comment
: The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
310 (Cryptographic Issues)
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
safari-javascript-weak-security(63347) (XF)
oval:org.mitre.oval:def:11495 (OVAL)
CVE: CVE-2010-3805
CVE: CVE-2010-3805
Id:
CVE-2010-3805
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3805
Comment
: Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-18-1 (APPLE)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:11673 (OVAL)
CVE: CVE-2010-3808
CVE: CVE-2010-3808
Id:
CVE-2010-3808
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3808
Comment
: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
safari-invalid-cast-code-exec(63349) (XF)
oval:org.mitre.oval:def:12160 (OVAL)
CVE: CVE-2010-3809
CVE: CVE-2010-3809
Id:
CVE-2010-3809
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3809
Comment
: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
oval:org.mitre.oval:def:12079 (OVAL)
CVE: CVE-2010-3810
CVE: CVE-2010-3810
Id:
CVE-2010-3810
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3810
Comment
: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
oval:org.mitre.oval:def:12060 (OVAL)
CVE: CVE-2010-3811
CVE: CVE-2010-3811
Id:
CVE-2010-3811
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3811
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
oval:org.mitre.oval:def:11538 (OVAL)
CVE: CVE-2010-3812
CVE: CVE-2010-3812
Id:
CVE-2010-3812
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
Comment
: Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
http://www.zerodayinitiative.com/advisories/ZDI-10-257/ (MISC)
44960 (BID)
FEDORA-2011-0121 (FEDORA)
https://bugzilla.redhat.com/show_bug.cgi?id=667022 (CONFIRM)
http://trac.webkit.org/changeset/68705 (MISC)
https://bugs.webkit.org/show_bug.cgi?id=46848 (MISC)
43086 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0216 (VUPEN)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
RHSA-2011:0177 (REDHAT)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
safari-text-objects-code-execution(63350) (XF)
oval:org.mitre.oval:def:11689 (OVAL)
CVE: CVE-2010-3813
CVE: CVE-2010-3813
Id:
CVE-2010-3813
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
Comment
: The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
https://bugzilla.redhat.com/show_bug.cgi?id=667024 (CONFIRM)
http://trac.webkit.org/changeset/63622 (MISC)
https://bugs.webkit.org/show_bug.cgi?id=42500 (MISC)
FEDORA-2011-0121 (FEDORA)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
ADV-2011-0216 (VUPEN)
SUSE-SR:2011:002 (SUSE)
RHSA-2011:0177 (REDHAT)
43086 (SECUNIA)
MDVSA-2011:039 (MANDRIVA)
ADV-2011-0552 (VUPEN)
oval:org.mitre.oval:def:12293 (OVAL)
CVE: CVE-2010-3816
CVE: CVE-2010-3816
Id:
CVE-2010-3816
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3816
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:12255 (OVAL)
CVE: CVE-2010-3817
CVE: CVE-2010-3817
Id:
CVE-2010-3817
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3817
Comment
: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-18-1 (APPLE)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:12002 (OVAL)
CVE: CVE-2010-3818
CVE: CVE-2010-3818
Id:
CVE-2010-3818
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3818
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-18-1 (APPLE)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
oval:org.mitre.oval:def:12233 (OVAL)
CVE: CVE-2010-3819
CVE: CVE-2010-3819
Id:
CVE-2010-3819
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3819
Comment
: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
safari-css-boxes-code-execution(63358) (XF)
oval:org.mitre.oval:def:11308 (OVAL)
CVE: CVE-2010-3820
CVE: CVE-2010-3820
Id:
CVE-2010-3820
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3820
Comment
: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
oval:org.mitre.oval:def:11972 (OVAL)
CVE: CVE-2010-3821
CVE: CVE-2010-3821
Id:
CVE-2010-3821
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3821
Comment
: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
safari-stylesheets-code-execution(63360) (XF)
oval:org.mitre.oval:def:12216 (OVAL)
CVE: CVE-2010-3822
CVE: CVE-2010-3822
Id:
CVE-2010-3822
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3822
Comment
: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:11899 (OVAL)
CVE: CVE-2010-3823
CVE: CVE-2010-3823
Id:
CVE-2010-3823
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3823
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
APPLE-SA-2010-11-18-1 (APPLE)
http://support.apple.com/kb/HT4455 (CONFIRM)
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:12306 (OVAL)
CVE: CVE-2010-3824
CVE: CVE-2010-3824
Id:
CVE-2010-3824
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3824
Comment
: Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-18-1 (APPLE)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
43068 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
safari-use-elements-code-execution(63363) (XF)
oval:org.mitre.oval:def:12300 (OVAL)
CVE: CVE-2010-3826
CVE: CVE-2010-3826
Id:
CVE-2010-3826
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3826
Comment
: WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
http://support.apple.com/kb/HT4455 (CONFIRM)
APPLE-SA-2010-11-18-1 (APPLE)
APPLE-SA-2010-11-22-1 (APPLE)
http://support.apple.com/kb/HT4456 (CONFIRM)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
ADV-2011-0212 (VUPEN)
oval:org.mitre.oval:def:11814 (OVAL)
CVE: CVE-2010-3829
CVE: CVE-2010-3829
Id:
CVE-2010-3829
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3829
Comment
: WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
http://support.apple.com/kb/HT4456 (CONFIRM)
APPLE-SA-2010-11-22-1 (APPLE)
1024773 (SECTRACK)
ADV-2010-3046 (VUPEN)
42314 (SECUNIA)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
http://support.apple.com/kb/HT4808 (CONFIRM)
APPLE-SA-2011-07-20-1 (APPLE)
appleios-mail-information-disclosure(63418) (XF)
CVE: CVE-2010-3900
CVE: CVE-2010-3900
Id:
CVE-2010-3900
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3900
Comment
: Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE:
CWE-Other ()
References:
[oss-security] 20100917 Re: CVE request: epiphany not checking ssl certs (MLIST)
http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/ (MISC)
http://www.twotoasts.de/bugs/index.php?do=details&task_id=168 (CONFIRM)
http://www.twotoasts.de/bugs/index.php?do=details&task_id=743 (MISC)
http://git.xfce.org/apps/midori/tree/ChangeLog (CONFIRM)
ADV-2011-0212 (VUPEN)
SUSE-SR:2011:002 (SUSE)
43068 (SECUNIA)
http://www.twotoasts.de/index.php?/archives/30-Validation%2C-vending-and-Vala.html ()
Content available only for registered users!
ovaldb@altx-soft.com