Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:apple:safari:3.0.0b
There are 1,176 matching records.
Displaying matches 961 through 980.
Vuln ID Summary CVSS Severity
CVE-2010-3813

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.

Published: November 22, 2010; 8:00:18 AM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2010-3812

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.

Published: November 22, 2010; 8:00:18 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3811

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.

Published: November 22, 2010; 8:00:18 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3810

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.

Published: November 22, 2010; 8:00:18 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3809

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

Published: November 22, 2010; 8:00:18 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3808

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

Published: November 22, 2010; 8:00:18 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3805

Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254.

Published: November 22, 2010; 8:00:17 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.

Published: November 22, 2010; 8:00:17 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-3803

Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.

Published: November 22, 2010; 8:00:17 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Published: November 16, 2010; 8:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3638

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.

Published: November 07, 2010; 5:00:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1822

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.

Published: October 04, 2010; 5:00:03 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2010-1823

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.

Published: September 24, 2010; 3:00:04 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3259

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

Published: September 07, 2010; 2:00:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3257

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

Published: September 07, 2010; 2:00:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3116

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

Published: August 24, 2010; 4:00:02 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-1796

The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2010-1793

Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1792

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1791

Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH