Safari < 4.1 / 5.0 Multiple Vulnerabilities

High

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

Versions of Safari earlier than 4.1 / 5.0 are potentially affected by multiple vulnerabilities:

- A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. (CVE-2009-1726)

- Safari supports the inclusion of user information in URLs, which allows the URL to specify a username and password to authenticate the user to the named server. (CVE-2010-1384)

- A use after free issue exists in Safari's management of windows. (CVE-2010-1750)

- An implementation issue exists in WebKit's handling of URLs in the clipboard. (CVE-2010-1388)

- Dragging or pasting a selection from one site to another may allow scripts contained in the selection to be executed in the context of the new site. (CVE-2010-1389)

- A canonicalization issue exists in WebKit's handling of UTF-7 encoded text. (CVE-2010-1390)

- A path traversal issue exists in WebKit's support for Local Storage and Web SQL database. (CVE-2010-1391)

- A use after free issue exists in WebKit's rendering of HTML buttons. (CVE-2010-1392)

- An information disclosure issue exists in WebKit's handling of Cascading Stylesheets. (CVE-2010-1393)

- A use after free issue exists in WebKit's handling of attribute manipulation. (CVE-2010-1119)

- A design issue exists in WebKit's handling of HTML document fragments. (CVE-2010-1394)

- An implementation issue exists in WebKit's handling of keyboard focus. (CVE-2010-1422)

- A scope management issue exists in WebKit's handling of DOM constructor objects. (CVE-2010-1395)

- A use after free issue exists in WebKit's handling of the removal of container elements. (CVE-2010-1396)

- A use after free issue exists in WebKit's rendering of a selection when the layout changes. (CVE-2010-1397)

- A memory corruption issue exists in WebKit's handling of ordered list insertions. (CVE-2010-1398)

- An uninitialized memory access issue exists in WebKit's handling of selection changes on form input elements. (CVE-2010-1399)

- A use after free issue exists in WebKit's handling of caption elements. (CVE-2010-1400)

- A use after free issue exists in WebKit's handling of the ':first-letter' pseudo-element in cascading stylesheets. (CVE-2010-1401)

- A double free issue exists in WebKit's handling of event listeners in SVG documents. (CVE-2010-1402)

- An uninitialized memory access issue exists in WebKit's handling of 'use' elements in SVG documents. (CVE-2010-1403)

- A use after free issue exists in WebKit's handling of SVG documents with multiple 'use' elements. (CVE-2010-1404)

- A memory corruption issue exists in WebKit's handling of nested 'use' elements in SVG documents. (CVE-2010-1410)

- A use after free issue exists in WebKit's handling of CSS run-ins. (CVE-2010-1749)

- A use after free issue exists in WebKit's handling of HTML elements with custom vertical positioning. (CVE-2010-1405)

- When WebKit is redirected from an HTTPS site to an HTTP site, the Referer header is passed to the HTTP site. (CVE-2010-1406)

- An integer truncation issue exists in WebKit's handling of requests to non-default TCP ports. (CVE-2010-1408)

- Common IRC service ports are not included in WebKit's port blacklist. (CVE-2010-1409)

- A use after free issue exists in WebKit's handling of hover events. (CVE-2010-1412)

- In certain circumstances, WebKit may send NTLM credentials in plain text. (CVE-2010-1413)

- A use after free issue exists in WebKit's handling of the removeChild DOM method. (CVE-2010-1414)

- An API abuse issue exists in WebKit's handling of libxml contexts. (CVE-2010-1415)

- A cross-site image capture issue exists in WebKit. (CVE-2010-1416)

- A memory corruption issue exists in WebKit's rendering of CSS-styled HTML content with multiple :after pseudo-selectors. (CVE-2010-1417)

- An input validation issue exists in WebKit's handling of the src attribute of the frame element. (CVE-2010-1418)

- A use after free issue exists in WebKit's handling of drag and drop when the window acting as a source of a drag operation is closed before the drag operation is completed. (CVE-2010-1419)

- A design issue exists in the implementation of the JavaScript function execCommand. (CVE-2010-1421)

- An issue in WebKit's handling of malformed URLs may result in a cross-site scripting attack when visiting a maliciously crafted website. (CVE-2010-0544)

- A use after free issue exists in WebKit's handling of DOM Range objects. (CVE-2010-1758)

- A use after free issue exists in WebKit's handling of the Node.normalize method. (CVE-2010-1759)

- A use after free issue exists in WebKit's rendering of HTML document subtrees. (CVE-2010-1761)

- A design issue exists in the handling of HTML contained in textarea elements. (CVE-2010-1762)

- A design issue exists in WebKit's handling of HTTP redirects. (CVE-2010-1764)

- A type checking issue exists in WebKit's handling of text nodes. (CVE-2010-1770)

- A use after free issue exists in WebKit's handling of fonts. (CVE-2010-1771)

- An out of bounds memory access issue exists in WebKit's handling of HTML tables. (CVE-2010-1774)

- A design issue exists in WebKit's handling of the CSS :visited pseudo-class.

Solution

Upgrade to Safari 4.1, 5.0, or later.