icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Safari < 4.0.5 Multiple Vulnerabilities

High

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The version of Safari installed on the remote host is earlier than 4.0.5. Such versions are potentially affected by several issues :

A buffer underflow in ImageIO's handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2009-2285)

- An integer overflow in the handling of images with an embedded color profile could lead to a crash or arbitrary code execution. (CVE-2010-0040)

- An uninitialized memory access issue in ImageIO's handling of BMP images could result in sending of data from Safari's memory to a website. (CVE-2010-0041)

- An uninitialized memory access issue in ImageIO's handling of TIFF images could result in sending of data from Safari's memory to a website. (CVE-2010-0042)

- A memory corruption issue in the handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2010-0043)

- An implementation issue in the handling of cookies set by RSS and Atom feeds could result in a cookie being set when visiting or updating a feed even if Safari is configured to block cookies via the 'Accept Cookies' preference. (CVE-2010-0044)

- An issue in Safari's handling of external URL schemes could cause a local file to be opened in response to a URL encountered on a web page, which could allow a malicious web server to execute arbitrary code. (CVE-2010-0045)

- A memory corruption issue in WebKit's handling of CSS format() arguments could lead to a crash or arbitrary code execution. (CVE-2010-0046)

- A use-after-free issue in the handling of HTML object element fallback content could lead to a crash or arbitrary code execution. (CVE-2010-0047)

- A use-after-free issue in WebKit's parsing of XML documents could lead to a crash or arbitrary code execution. (CVE-2010-0048)

- A use-after-free issue in the handling of HTML elements containing right-to-left displayed text could lead to a crash or arbitrary code execution. (CVE-2010-0049)

- A use-after-free issue in WebKit's handling of incorrectly nested HTML tags could lead to a crash or arbitrary code execution. (CVE-2010-0050)

- An implementation issue in WebKit''s handling of cross-origin stylesheet requests when visiting a malicious website could result in disclosure of the content of protected resources on another website. (CVE-2010-0051)

- A use-after-free issue in WebKit's handling of callbacks for HTML elements could lead to a crash or arbitrary code execution. (CVE-2010-0052)

- A use-after-free issue in the rendering of content with a CSS display property set to 'run-in' could lead to a crash or arbitrary code execution. (CVE-2010-0053)

- A use-after-free issue in WebKit's handling of HTML image elements could lead to a crash or arbitrary code execution. (CVE-2010-0054)

Solution

Upgrade to Safari 4.0.5 or later.