
Safari < 4.1.1 / 5.0.1 Multiple Vulnerabilities

High

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The remote host has Safari installed.

Versions of Safari earlier than 4.1.1 / 5.0.1 are potentially affected by multiple vulnerabilities:

- Safari's AutoFill feature may disclose information to websites without user interaction. (CVE-2010-1796)

- A use after free issue exists in WebKit's handling of element focus, which may lead to an application crash or arbitrary code execution. (CVE-2010-1780)

- A memory corruption issue exists in WebKit's rendering of inline elements. (CVE-2010-1782)

- A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes.

- A memory corruption issue exists in WebKit's handling of CSS counters. (CVE-2010-1784)

- An uninitialized memory access issue exists in WebKit's handling of the ':first-letter' and ':first-line' pseudo-elements in SVG text elements. (CVE-2010-1785)

- A use after free issue exists in WebKit's handling of foreignObject elements in SVG documents. (CVE-2010-1786)

- A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. (CVE-2010-1787)

- A memory corruption issue exists in WebKit's handling of 'use' elements in SVG documents. (CVE-2010-1788)

- A heap buffer overflow exists in WebKit's handling of JavaScript string objects. (CVE-2010-1789)

- A re-entrancy issue exists in WebKit's handling of just-in-time compiled JavaScript stubs. (CVE-2010-1790)

- A signedness issue exists in WebKit's handling of JavaScript arrays. (CVE-2010-1791)

- A memory corruption issue exists in WebKit's handling of regular expressions. (CVE-2010-1792)

- A use after free issue exists in WebKit's handling of 'font-face' and 'use' elements in SVG documents. (CVE-2010-1793)

Solution

Upgrade to Safari 4.1.1, 5.0.1, or later.