Mac OS X : Safari < 6.0 Multiple Vulnerabilities

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by several
vulnerabilities.

Description :

The version of Safari installed on the remote Mac OS X host is
earlier than 6.0. It is, therefore, potentially affected by several
issues :

- An unspecified cross-site scripting issue exists.
(CVE-2012-0678)

- An error in the handling of 'feed://' URLs can allow
local files to be disclosed to remote servers.
(CVE-2012-0679)

- Password input elements are autocompleted even when
a webpage specifically forbids it. (CVE-2012-0680)

- A cross-site scripting issue exists due to improper
handling of the HTTP 'Content-Disposition' header
value of 'attachment'. (CVE-2011-3426)

- Numerous issues exist in WebKit. (CVE-2011-2845,
CVE-2011-3016, CVE-2011-3021, CVE-2011-3027,
CVE-2011-3032, CVE-2011-3034, CVE-2011-3035,
CVE-2011-3036, CVE-2011-3037, CVE-2011-3038,
CVE-2011-3039, CVE-2011-3040, CVE-2011-3041,
CVE-2011-3042, CVE-2011-3043, CVE-2011-3044,
CVE-2011-3050, CVE-2011-3053, CVE-2011-3059,
CVE-2011-3060, CVE-2011-3064, CVE-2011-3067,
CVE-2011-3068, CVE-2011-3069, CVE-2011-3071,
CVE-2011-3073, CVE-2011-3074, CVE-2011-3075,
CVE-2011-3076, CVE-2011-3078, CVE-2011-3081,
CVE-2011-3086, CVE-2011-3089, CVE-2011-3090,
CVE-2011-3913, CVE-2011-3924, CVE-2011-3926,
CVE-2011-3958, CVE-2011-3966, CVE-2011-3968,
CVE-2011-3969, CVE-2011-3971, CVE-2012-0682,
CVE-2012-0683, CVE-2012-1520, CVE-2012-1521,
CVE-2012-2815, CVE-2012-3589, CVE-2012-3590,
CVE-2012-3591, CVE-2012-3592, CVE-2012-3593,
CVE-2012-3594, CVE-2012-3595, CVE-2012-3596,
CVE-2012-3597, CVE-2012-3599, CVE-2012-3600,
CVE-2012-3603, CVE-2012-3604, CVE-2012-3605,
CVE-2012-3608, CVE-2012-3609, CVE-2012-3610,
CVE-2012-3611, CVE-2012-3615, CVE-2012-3618,
CVE-2012-3620, CVE-2012-3625, CVE-2012-3626,
CVE-2012-3627, CVE-2012-3628, CVE-2012-3629,
CVE-2012-3630, CVE-2012-3631, CVE-2012-3633,
CVE-2012-3634, CVE-2012-3635, CVE-2012-3636,
CVE-2012-3637, CVE-2012-3638, CVE-2012-3639,
CVE-2012-3640, CVE-2012-3641, CVE-2012-3642,
CVE-2012-3644, CVE-2012-3645, CVE-2012-3646,
CVE-2012-3650, CVE-2012-3653, CVE-2012-3655,
CVE-2012-3656, CVE-2012-3661, CVE-2012-3663,
CVE-2012-3664, CVE-2012-3665, CVE-2012-3666,
CVE-2012-3667, CVE-2012-3668, CVE-2012-3669,
CVE-2012-3670, CVE-2012-3674, CVE-2012-3678,
CVE-2012-3679, CVE-2012-3680, CVE-2012-3681,
CVE-2012-3682, CVE-2012-3683, CVE-2012-3686,
CVE-2012-3689, CVE-2012-3690, CVE-2012-3691,
CVE-2012-3693, CVE-2012-3694, CVE-2012-3695,
CVE-2012-3696, CVE-2012-3697)

See also :

http://support.apple.com/kb/HT5400
http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html

Solution :

Upgrade to Safari 6.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 60127

Bugtraq ID: 54669, 54680, 54683, 54686, 54687, 54688, 54692, 54693,
54694, 54695, 54696, 54697, 54700, 54703, 57027
