This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote host contains a web browser that is affected by several
The version of Safari installed on the remote Mac OS X 10.7 or 10.8
host is earlier than 6.1. It is, therefore, potentially affected by
several issues :
- A bounds-checking issue exists related to handling XML
- Multiple memory corruption vulnerabilities exist in
WebKit that could lead to unexpected program termination
or arbitrary code execution. (CVE-2013-1037,
CVE-2013-1038, CVE-2013-1039, CVE-2013-1040,
CVE-2013-1041, CVE-2013-1042, CVE-2013-1043,
CVE-2013-1044, CVE-2013-1045, CVE-2013-1046,
CVE-2013-1047, CVE-2013-2842, CVE-2013-5125,
CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
- An error exists related to URL handling that could lead
to information disclosure. (CVE-2013-2848)
- A cross-site scripting issue exists in WebKit's handling
of URLs and drag-and-drop operations. (CVE-2013-5129,
- Using 'Web Inspector' could negate 'Private Browsing'
protections leading to information disclosure.
- An error exists related to the 'Reopen All Windows
from Last Session' feature that could allow a local
attacker to obtain plaintext user ID and password
information from the 'LastSession.plist' file.
See also :
Upgrade to Safari 6.1 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 70563 ()
CVE ID: CVE-2013-1036