http://code.google.com/p/chromium/issues/detail?id=100863

http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html

APPLE-SA-2012-03-07-1

APPLE-SA-2012-03-07-2

APPLE-SA-2012-03-12-1

48274

48288

48377

1026774

apple-webkit-cve20113908-code-execution(73807)

oval:org.mitre.oval:def:14791

The mobile device is running a version of iOS that is older than version 5.1. Version 5.1 contains numerous security-related fixes for the following vulnerabilities :

  - Apple iPhone/iPad/iPod Touch prior to iOS 5.1 Multiple     Vulnerabilities (CVE-2012-0641)

  - Apple Mac OS X Integer Overflow Vulnerability     (CVE-2011-3453)

  - Google Chrome prior to 15.0.874.102 Multiple Security     Vulnerabilities (CVE-2011-3887)

  - WebKit Multiple Unspecified Cross-Site Scripting     Vulnerabilities (CVE-2012-0590)

  - Google Chrome prior to 13.0.782.215 Multiple Security     Vulnerabilities (CVE-2011-2825)

  - WebKit Multiple Unspecified Memory Corruption     Vulnerabilities (CVE-2011-2833)

  - Google Chrome prior to 14.0.835.163 Multiple Security     Vulnerabilities (CVE-2011-2846)

  - Google Chrome prior to 14.0.835.202 Multiple Security     Vulnerabilities (CVE-2011-2877)

  - Google Chrome prior to 15.0.874.120 Multiple Security     Vulnerabilities (CVE-2011-3897)

  - Google Chrome prior to 16.0.912.63 Multiple Security     Vulnerabilities (CVE-2011-3908)

  - WebKit SVG Tags Use-After-Free Remote Code Execution     Vulnerability (CVE-2011-3928)

  - Google Chrome prior to 16.0.912.77 Multiple Security     Vulnerabilities (CVE-2012-0591)

  - WebKit Array.Splice Method Remote Code Execution     Vulnerability (CVE-2012-0592)

The remote host has Safari installed. 

Versions of Safari earlier than 5.1.4 are reportedly affected by several issues :

  - Look-alike characters in a URL could be used to masquerade a website. (CVE-2012-0584)

  - Web page visits may be recorded in browser history even when private browsing is active. (CVE-2012-0585)

  - Multiple cross-site scripting issues existed in WebKit. (CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, CVE-2012-0589)

  - A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins. (CVE-2011-3887)

  - Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack. (CVE-2012-0590)

  - Multiple memory corruption issues existed in WebKit. (CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2866, CVE-2011-2867, CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2873, CVE-2011-2877, CVE-2011-3885, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0591, CVE-2012-0592, CVE-2012-0593, CVE-2012-0594, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615, CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, CVE-2120-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, CVE-2012-0635, CVE-2012-0636, CVE-2012-0637, CVE-2012-0638, CVE-2012-0639, CVE-2012-0648(

  - Cookies may be set by third-parties, even when Safari is configured to block them. (CVE-2012-0640)

  - If a site uses HTTP authentication and redirects to another site, the authentication credentials may be sent to the other site. (CVE-2012-0647)

The version of Safari installed on the remote host reportedly is affected by several issues :
  - Look-alike characters in a URL could be used to     masquerade a website. (CVE-2012-0584)

  - Web page visits may be recorded in browser history even     when private browsing is active. (CVE-2012-0585)

  - Multiple cross-site scripting issues existed in WebKit.     (CVE-2011-3881, CVE-2012-0586, CVE-2012-0587,     CVE-2012-0588, CVE-2012-0589)

  - A cross-origin issue existed in WebKit, which may allow     cookies to be disclosed across origins. (CVE-2011-3887)

  - Visiting a maliciously crafted website and dragging     content with the mouse may lead to a cross-site     scripting attack. (CVE-2012-0590)

  - Multiple memory corruption issues existed in WebKit.
    (CVE-2011-2825, CVE-2011-2833, CVE-2011-2846,      CVE-2011-2847, CVE-2011-2854, CVE-2011-2855,      CVE-2011-2857, CVE-2011-2860, CVE-2011-2866,      CVE-2011-2867, CVE-2011-2868, CVE-2011-2869,      CVE-2011-2870, CVE-2011-2871, CVE-2011-2872,      CVE-2011-2873, CVE-2011-2877, CVE-2011-3885,      CVE-2011-3888, CVE-2011-3897, CVE-2011-3908,      CVE-2011-3909, CVE-2011-3928, CVE-2012-0591,      CVE-2012-0592, CVE-2012-0593, CVE-2012-0594,      CVE-2012-0595, CVE-2012-0596, CVE-2012-0597,      CVE-2012-0598, CVE-2012-0599, CVE-2012-0600,      CVE-2012-0601, CVE-2012-0602, CVE-2012-0603,      CVE-2012-0604, CVE-2012-0605, CVE-2012-0606,      CVE-2012-0607, CVE-2012-0608, CVE-2012-0609,      CVE-2012-0610, CVE-2012-0611, CVE-2012-0612,      CVE-2012-0613, CVE-2012-0614, CVE-2012-0615,      CVE-2012-0616, CVE-2012-0617, CVE-2012-0618,      CVE-2012-0619, CVE-2012-0620, CVE-2012-0621,      CVE-2012-0622, CVE-2012-0623, CVE-2012-0624,      CVE-2012-0625, CVE-2012-0626, CVE-2012-0627,      CVE-2012-0628, CVE-2012-0629, CVE-2012-0630,      CVE-2012-0631, CVE-2012-0632, CVE-2012-0633,      CVE-2012-0635, CVE-2012-0636, CVE-2012-0637,      CVE-2012-0638, CVE-2012-0639, CVE-2012-0648)

   - Cookies may be set by third-parties, even when Safari      is configured to block them. (CVE-2012-0640)

   - If a site uses HTTP authentication and redirects to      another site, the authentication credentials may be      sent to the other site. (CVE-2012-0647)

The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.1.4.  Thus, it is potentially affected by several issues :
 
  - Web page visits may be recorded in browser history even     when private browsing is active. (CVE-2012-0585)

  - Multiple cross-site scripting issues existed in WebKit.     (CVE-2011-3881, CVE-2012-0586, CVE-2012-0587,     CVE-2012-0588, CVE-2012-0589)

  - A cross-origin issue existed in WebKit, which may allow     cookies to be disclosed across origins. (CVE-2011-3887)

  - Visiting a maliciously crafted website and dragging     content with the mouse may lead to a cross-site     scripting attack. (CVE-2012-0590)

  - Multiple memory corruption issues existed in WebKit.
    (CVE-2011-2825, CVE-2011-2833, CVE-2011-2846,      CVE-2011-2847, CVE-2011-2854, CVE-2011-2855,      CVE-2011-2857, CVE-2011-2860, CVE-2011-2866,      CVE-2011-2867, CVE-2011-2868, CVE-2011-2869,      CVE-2011-2870, CVE-2011-2871, CVE-2011-2872,      CVE-2011-2873, CVE-2011-2877, CVE-2011-3885,      CVE-2011-3888, CVE-2011-3897, CVE-2011-3908,      CVE-2011-3909, CVE-2011-3928, CVE-2012-0591,      CVE-2012-0592, CVE-2012-0593, CVE-2012-0594,      CVE-2012-0595, CVE-2012-0596, CVE-2012-0597,      CVE-2012-0598, CVE-2012-0599, CVE-2012-0600,      CVE-2012-0601, CVE-2012-0602, CVE-2012-0603,      CVE-2012-0604, CVE-2012-0605, CVE-2012-0606,      CVE-2012-0607, CVE-2012-0608, CVE-2012-0609,      CVE-2012-0610, CVE-2012-0611, CVE-2012-0612,      CVE-2012-0613, CVE-2012-0614, CVE-2012-0615,      CVE-2012-0616, CVE-2012-0617, CVE-2012-0618,      CVE-2012-0619, CVE-2012-0620, CVE-2012-0621,      CVE-2012-0622, CVE-2012-0623, CVE-2012-0624,      CVE-2012-0625, CVE-2012-0626, CVE-2012-0627,      CVE-2012-0628, CVE-2012-0629, CVE-2012-0630,      CVE-2012-0631, CVE-2012-0632, CVE-2012-0633,      CVE-2012-0635, CVE-2012-0636, CVE-2012-0637,      CVE-2012-0638, CVE-2012-0639, CVE-2012-0648)

   - Cookies may be set by third-parties, even when Safari      is configured to block them. (CVE-2012-0640)

   - If a site uses HTTP authentication and redirects to      another site, the authentication credentials may be      sent to the other site. (CVE-2012-0647)

The version of Apple iTunes on the remote host is prior to version 10.6. It is, therefore, affected by multiple memory corruption vulnerabilities in the WebKit component. Note that these only affect iTunes for Windows.

The version of Apple iTunes installed on the remote Windows host is older than 10.6.  Thus, it is reportedly affected by numerous memory corruption vulnerabilities in its WebKit component.

According to its banner, the remote Apple iOS device is missing a security update.  Versions of Apple iOS 3.0 through 5.1 are affected by vulnerabilities within the following components :
 - CFNetwork
 - HFS
 - Kernel
 - libresolv
 - Passcode Lock
 - Safari
 - Siri
 - VPN
 - WebKit

The remote host is affected by the vulnerability described in GLSA-201201-03 (Chromium, V8: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and V8. Please       review the CVE identifiers and release notes referenced below for       details.
  Impact :

    A context-dependent attacker could entice a user to open a specially       crafted website or JavaScript program using Chromium or V8, possibly       resulting in the execution of arbitrary code with the privileges of the       process, or a Denial of Service condition.
    The attacker could also perform URL bar spoofing.
  Workaround :

    There is no known workaround at this time.

Versions of Google Chrome earlier than 16.0.912.63 are potentially affected by multiple vulnerabilities :

  - Out-of-bounds read errors exist related to regex matching, libxml, the PDF parser, the SVG parser, YUV video frame handling, il8n handling in V8 and PDF cross references. (CVE-2011-3903, CVE-2011-3905, CVE-2011-3906, CVE-2011-3908, CVE-2011-3910, CVE-2011-3911, CVE-2011-3914, CVE-2011-3916)

  - Use-after-free errors exist related to SVG filters, Range handling and bidi handling. (CVE-2011-3904, CVE-2011-3912, CVE-2011-3913)

  - URL bar spoofing is possible due to an error related to 'view source'. (CVE-2011-3907)

  - A memory corruption error exists related to arrays of CSS properties. (CVE-2011-3909)

  - A buffer overflow exists related to PDF font handling. (CVE-2011-3915)

  - A stack-based buffer overflow exists related to the 'FileWatcher'. (CVE-2011-3917)

Google Chrome Releases reports :

[81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching.
Credit to David Holloway of the Chromium development community.
[95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno). [98809] Medium CVE-2011-3906:
Out-of-bounds read in PDF parser. Credit to Aki Helin of OUSPG.
[99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to Mitja Kolsek of ACROS Security. [100863] Low CVE-2011-3908:
Out-of-bounds read in SVG parsing. Credit to Aki Helin of OUSPG.
[101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property array. Credit to Google Chrome Security Team (scarybeasts) and Chu. [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling. Credit to Google Chrome Security Team (Cris Neckar). [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF.
Credit to Google Chrome Security Team (scarybeasts) and Robert Swiecki of the Google Security Team. [102359] High CVE-2011-3912:
Use-after-free in SVG filters. Credit to Arthur Gerkis. [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to Arthur Gerkis. [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling. Credit to Slawomir Blazek. [104529] High CVE-2011-3915:
Buffer overflow in PDF font handling. Credit to Atte Kettunen of OUSPG. [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references. Credit to Atte Kettunen of OUSPG. [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to Google Chrome Security Team (Marty Barbella). [107258] High CVE-2011-3904:
Use-after-free in bidi handling. Credit to Google Chrome Security Team (Inferno) and miaubiz.

The version of Google Chrome installed on the remote host is earlier than 16.0.912.63 and is affected by the following vulnerabilities:

  - Out-of-bounds read errors exist related to regex     matching, libxml, the PDF parser, the SVG parser, YUV     video frame handling, i18n handling in V8 and PDF cross     references. (CVE-2011-3903, CVE-2011-3905,     CVE-2011-3906, CVE-2011-3908, CVE-2011-3910,     CVE-2011-3911, CVE-2011-3914, CVE-2011-3916)

  - Use-after-free errors exist related to SVG filters,     Range handling and bidi handling. (CVE-2011-3904,     CVE-2011-3912, CVE-2011-3913)

  - URL bar spoofing is possible due to an error related     to 'view-source'. (CVE-2011-3907)

  - A memory corruption error exists related to arrays of     CSS properties. (CVE-2011-3909)

  - A buffer overflow exists related to PDF font handling.
    (CVE-2011-3915)

  - A stack-based buffer overflow exists related to the     'FileWatcher'. (CVE-2011-3917)

ID	Name	Product	Family	Severity
74538	openSUSE Security Update : v8 / chromium (openSUSE-2011-93)	Nessus	SuSE Local Security Checks	high
60028	Apple iOS < 5.1 Multiple Vulnerabilities	Nessus	Mobile Devices	high
800987	Safari < 5.1.4 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6346	Safari < 5.1.4 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
58323	Safari < 5.1.4 Multiple Vulnerabilities	Nessus	Windows	high
58322	Mac OS X : Apple Safari < 5.1.4 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
58320	Apple iTunes < 10.6 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
58319	Apple iTunes < 10.6 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
6344	Apple iOS < 5.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
57456	GLSA-201201-03 : Chromium, V8: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
800943	Google Chrome < 16.0.912.63 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
57292	FreeBSD : chromium -- multiple vulnerabilities (68ac6266-25c3-11e1-b63a-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	high
57288	Google Chrome < 16.0.912.63 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2011-3908

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins