http://code.google.com/p/chromium/issues/detail?id=86502

http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html

APPLE-SA-2011-10-11-1

APPLE-SA-2011-10-12-1

APPLE-SA-2011-10-12-4

74240

http://support.apple.com/kb/HT4981

http://support.apple.com/kb/HT4999

http://support.apple.com/kb/HT5000

google-chrome-floating-ce(68952)

oval:org.mitre.oval:def:14078

The mobile device is running a version of iOS that is prior to version 5.0. Version 5.0 contains numerous security-related fixes for the following vulnerabilities :

  - Apple iOS Calendar Synchronization SSL Certificate     Validation Information Disclosure Vulnerability     (CVE-2011-3253)

  - Apple iOS Calendar Cross-Site Scripting Vulnerability     (CVE-2011-3254)

  - Apple iOS CFNetwork Information Disclosure Vulnerability     (CVE-2011-3255)

  - Apple iOS and Mac OS X CFNetwork Cross Domain     Information Disclosure Vulnerability (CVE-2011-3246)

  - Apple Mac OS X CoreFoundation Memory Corruption     Vulnerability (CVE-2011-0259)

  - FreeType Font Document Multiple Memory Corruption     Vulnerabilities (CVE-2011-3256)

  - Apple Mac OS X QuickTime Cross-Domain Information     Disclosure Vulnerability (CVE-2011-0187)

  - Apple iOS Mail Cookie Synchronization Validation     Information Disclosure Vulnerability (CVE-2011-3257)

  - An information disclosure vulnerability, known as BEAST,     exists in the SSL 3.0 and TLS 1.0 protocols due to a     flaw in the way the initialization vector (IV) is     selected when operating in cipher-block chaining (CBC)     modes. A man-in-the-middle attacker can exploit this     to obtain plaintext HTTP header data, by using a     blockwise chosen-boundary attack (BCBA) on an HTTPS     session, in conjunction with JavaScript code that uses     the HTML5 WebSocket API, the Java URLConnection API,     or the Silverlight WebClient API. (CVE-2011-3389)

  - Opera Web Browser Information Disclosure Vulnerability

  - Apple iOS Home Screen Information Disclosure     Vulnerability (CVE-2011-3431)

  - libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow     Vulnerability (CVE-2011-0192)

  - Apple Safari ImageIO TIFF Image Handling Heap Buffer     Overflow Vulnerability (CVE-2011-0241)

  - Apple Mac OS X ICU Buffer Overflow Vulnerability     (CVE-2011-0206)

  - Apple Kernel TCP Exhaustion Denial of Service     Vulnerability (CVE-2011-3259)

  - Apple Mac OS X IPV6 Socket Options Denial of Service     Vulnerability (CVE-2011-1132)

  - Apple iOS Keyboard Information Disclosure Vulnerability     (CVE-2011-3245)

  - Apple Safari 'libxml' Remote Code Execution     Vulnerability (CVE-2011-0216)

  - Apple iPhone/iPad/iPod Touch prior to iOS 5 Buffer     Overflow Vulnerability (CVE-2011-3260)

  - Apple iPhone/iPad/iPod Touch prior to iOS 5 Remote Code     Execution Vulnerability (CVE-2011-3261)

  - Apple Mac OS X QuickLook Office File Memory Corruption     Vulnerability (CVE-2011-0208)

  - Apple Mac OS X QuickLook Remote Code Execution     Vulnerability (CVE-2011-0184)

  - Apple iPhone/iPad/iPod Touch 'Content-Disposition'     Header Cross-Site Scripting Vulnerability     (CVE-2011-3246)

  - Apple iOS Parental Restrictions Passcode Information     Disclosure Vulnerability (CVE-2011-3249)

  - Apple iOS Insecure Misleading UI Insecure     Configuration Weakness (CVE-2011-3430)

  - Apple iOS Remote Denial of Service Vulnerability     (CVE-2011-3432)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0218)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0221)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0222)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0225)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0232)

  - WebKit FrameOwner Element Memory Corruption Remote     Code Execution Vulnerability (CVE-2011-0233)

  - WebKit Malformed XHTML Tags Use-After-Free     Memory Corruption Vulnerability (CVE-2011-0234)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0235)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0238)

  - WebKit 'NamedNodeMap.cpp' Memory Corruption Remote     Code Execution Vulnerability (CVE-2011-0254)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0255)

  - Google Chrome prior to 9.0.597.94 Multiple Security     Vulnerabilities (CVE-2011-0981)

  - Google Chrome prior to 9.0.597.107 Multiple Security     Vulnerabilities (CVE-2011-1109)

  - Google Chrome prior to 10.0.648.127 Multiple Security     Vulnerabilities (CVE-2011-1188)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-1288)

  - Google Chrome prior to 10.0.648.204 Multiple Security     Vulnerabilities (CVE-2011-1293)

  - Google Chrome prior to 11.0.696.57 Multiple Security     Vulnerabilities (CVE-2011-1449)

  - WebKit MathML Tags Use-After-Free Remote Code Execution     Vulnerability

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-1453)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-1457)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-1462)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-1797)

  - WebKit Multiple Unspecified Remote Code Execution     Vulnerabilities (CVE-2011-2338)

  - WebKit Style Sheet Elements Remote Code Execution     Vulnerability (CVE-2011-2341)

  - Google Chrome Prior to 12.0.742.112 Multiple Security     Vulnerabilities (CVE-2011-2351)

  - Google Chrome Prior to 13.0.782.107 Multiple Security     Vulnerabilities (CVE-2011-2359)

  - Google Chrome Prior to 13.0.782.215 Multiple Security     Vulnerabilities (CVE-2011-2823)

  - Mozilla Firefox/Thunderbird/SeaMonkey YARR Remote Code     Execution Vulnerability (CVE-2011-3232)

  - Google Chrome Prior to 14.0.835.163 Multiple Security     Vulnerabilities (CVE-2011-3234)

  - WebKit Embedded URL Cross Domain Scripting Vulnerability     (CVE-2011-0242)

  - WebKit Address Bar URI Spoofing Vulnerability     (CVE-2011-1107)

  - WebKit 'libxslt' Remote Code Execution Vulnerability     (CVE-2011-1774)

  - WebKit 'HTML5' Drag and Drop Cross-Origin Information     Disclosure Vulnerability (CVE-2011-0166)

  - WebKit Inactive DOM Windows Cross Domain Scripting     Vulnerability (CVE-2011-3243)

  - Apple iOS WiFi Credentials Information Disclosure     Vulnerability (CVE-2011-3234)

The version of Safari installed on the remote Windows host is earlier than 5.1.1.  Thus, it is potentially affected by numerous issues in the following components :

  - Safari
  - WebKit

The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.1.1. Thus, it is potentially affected by numerous issues in the following components :

  - Safari
  - WebKit

The remote host has Safari installed.

Versions of Safari earlier than 5.1.1 are potentially affected by several issues in the following components : 

  - Safari

  - WebKit

The version of Apple iTunes on the remote host is prior to version 10.5. It is, therefore, affected by multiple vulnerabilities in the CoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit components. Note that these only affect iTunes for Windows.

The version of Apple iTunes installed on the remote Windows host is older than 10.5. Thus, it is reportedly affected by numerous issues in the following components :

  - CoreFoundation
  - ColorSync
  - CoreAudio
  - CoreMedia
  - ImageIO
  - WebKit

According to its banner, the remote Apple iOS device is missing a security update.  Versions of Apple iOS 3.0 through 4.3.5 are affected by vulnerabilities within the following components :

 - CalDAV
 - Calendar
 - CFNetwork
 - CoreFoundation
 - CoreGraphics
 - CoreMedia
 - Data Access - Data Security
 - Home security
 - ImageIO
 - Kernel
 - Keyboards
 - libxml
 - OfficeImport
 - Safari
 - Settings
 - UIKit Alerts
 - WebKit
 - WiFi

The remote host has Safari installed. 

Versions of Safari earlier than 5.1.1 are potentially affected by several issues in the following components : 

  - Safari

  - WebKit

The remote host has iTunes installed, a popular media player for Windows and Mac OS. 

Versions of iTunes earlier than 10.5 are potentially affected by numerous issues in the following components :

  - CoreFoundation

  - ColorSync

  - CoreAudio

  - CoreMedia

  - ImageIO

  - WebKit

The version of Google Chrome installed on the remote host is earlier than 13.0.782.107.  As such, it is potentially affected by several vulnerabilities :

  - An unspecified error exists related to extension     installation and confirmation dialogs. (Issue #75821)

  - A stale pointer issue exists related to bad line box     tracking and rendering. (Issue #78841)

  - A security bypass issue exists related to file download     prompts. (Issue #79266)

  - A string handling issue exists related to the HTTP     basic authentication dialog box. (Issue #79426)

  - Developer mode NPAPI extensions do not always prompt     a user before installation. (Issue #83273)

  - A local, unspecified path disclosure issue exists and     is related to the GL log. (Issue #83841)

  - Extensions' homepage URLs are not properly sanitized.
    (Issue #84402)

  - The browser's speech-input element is not always on the     screen at required times. (Issue #84600)

  - A re-entrancy issue related to the GPU lock can cause     the browser to crash. (Issue #84805)

  - A buffer overflow exists in the inspector     serialization. (Issue #85559)

  - Use-after-free errors exist related to the Pepper     plugin, floating styles, float removal, media     selectors, Skia, resource caching, HTML range handling,     frame loading and display box rendering that can cause     the browser to crash. (Issues #85808, #86502, #87148,     #87227,# 87548, #87729, #87925, #88846, #88889)

  - An out-of-bounds write error exists related to the     Internal Components for Unicode (ICU). (Issue #86900)

  - Out-of-bounds read errors exist related to text     iteration and Skia paths. (Issue #87298)

  - A cross-frame function leak exists. (Issue #87339)

  - Access to internal schemes is not properly enforced.
    (Issue #87815)

  - Client side redirect targets may be leaked to remote     locations. (Issue #88337)

  - Const lookups can cause the V8 JavaScript engine to     crash. (Issue #88591)

  - Certain PDF files with nested functions can cause the     browser to crash. (Issue #89142)

  - The same origin policy is not properly enforced which     can lead to cross-origin script injection and other     cross-origin violations. (Issues #89520, #90222)

Versions of Google Chrome earlier than 13.0.782.107 are potentially affected by multiple vulnerabilities :

  - It is possible to install an extension without a confirmation dialog. (Issue 75821)

  - A stale pointer exists due to bad line box tracking in rendering. (Issue 78841)

  - It is possible to bypass the dangerous file prompt. (Issue 79266)

  - An unspecified issue exists relating to the designation of strings in the basic auth dialog. (Issue 79426)

  - A file permissions error exists with drag and drop.  Note that this issue only affects Chrome on Linux. (Issue 81307)

  - Developer mode NPAPI extension installs are not always confirmed via browser dialog boxes. (Issue 83273)

  - It is possible for the local file path to be disclosed via a GL program log. (CVE-2011-2784)

  - The homepage URL in extensions is not properly sanitized. (Issue 84402)

  - The speech-input bubble is not always displayed on-screen. (Issue 84600)

  - It is possible to crash the browser due to a GPU lock re-entrancy issue. (Issue 84805)

  - A buffer overflow issue exists in inspector serialization. (Issue 85559)

  - A use-after-free issue exists in the Pepper plug-in installation. (Issue 85808)

  - A use-after-free issue exists with floating styles. (Issue 86502)

  - An out-of-bounds write exists in ICU. (Issue 86900)

  - A use-after-free issue exists with float removal. (Issue 87148)

  - A use-after-free issue exists in media selectors. (Issue 87227)

  - An out-of-bounds read exists in text iteration. (Issue 87298)

  - A leak exists relating to cross-frame functions. (Issue 87339)

  - A use-after-free issue exists in Skia. (Issue 87548)

  - A use-after-free issue exists in resource caching. (Issue 87729)

  - Several unspecified internal schemes are web accessible. (Issue 87815)

  - A use-after-free issue exists in HTML range handling. (Issue 87925)

  - It is possible for a client side redirect target to be leaked. (Issue 88337)

  - It is possible for v8 to crash with const lookups. (Issue 88591)

  - A use-after-free issue exists in the frame loader. (Issue 88846)

  - A use-after-free issue exists in display box rendering. (Issue 88889)

  - A PDF crash exists with nested functions. (Issue 89142)

  - A cross-origin script injection issue exists. (Issue 89520)

  - A cross-origin violation exists in base URI handling. (Issue 90222)

ID	Name	Product	Family	Severity
60026	Apple iOS < 5.0 Multiple Vulnerabilities (BEAST)	Nessus	Mobile Devices	critical
56483	Safari < 5.1.1 Multiple Vulnerabilities	Nessus	Windows	high
56482	Mac OS X : Apple Safari < 5.1.1	Nessus	MacOS X Local Security Checks	high
800997	Safari < 5.1.1 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
56470	Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
56469	Apple iTunes < 10.5 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
6041	Apple iOS < 5.0 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
6038	Safari < 5.1.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6037	iTunes < 10.5 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
55765	Google Chrome < 13.0.782.107 Multiple Vulnerabilities	Nessus	Windows	high
800963	Google Chrome < 13.0.782.107 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
51069	FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical

CVE-2011-2790

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins