Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Safari < 4.1.1 / 5.0.1 Multiple Vulnerabilities

High

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The remote host has Safari installed.

Versions of Safari earlier than 4.1.1 / 5.0.1 are potentially affected by multiple vulnerabilities :

- Safari's AutoFill feature may disclose information to websites without user interaction. (CVE-2010-1796)

- A use after free issue exists in WebKit's handling of element focus may lead to an application crash or arbitrary code execution. (CVE-2010-1780)

- A memory corruption issue exists in WebKit's rendering of inline elements . (CVE-2010-1782)

- A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes .

- A memory corruption issue exists in WebKit's handling of CSS counters . (CVE-2010-1784)

- An uninitialized memory access issue exists in WebKit's handling of the ':first-letter' and ':first-line' pseudo-elements in SVG text elements . (CVE-2010-1785)

- A use after free issue exists in WebKit's handling of foreignObject elements in SVG documents. (CVE-2010-1786)

- A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. (CVE-2010-1787)

- A memory corruption issue exists in WebKit's handling of 'use' elements in SVG documents. (CVE-2010-1788)

- A heap buffer overflow exist sin WebKit's handling of JavaScript string objects. (CVE-2010-1789)

- A re-entrancy issue exists in WebKit's handling of just-in-time compiled JavaScript stubs. (CVE-2010-1790)

- A signedness issue exists in WebKit's handling of JavaScript arrays. (CVE-2010-1791)

- A memory corruption issue exists in WebKit's handling of regular expressions. (CVE-2010-1792)

- A use after free issue exists in WebKit's handling of 'font-face' and 'use' elements in SVG documents. (CVE-2010-1793)

Solution

Upgrade to Safari 4.1.1, 5.0.1, or later.