Mac OS X : Apple Safari < 6.1 Multiple Vulnerabilities
Medium Nessus Plugin ID 70563
Synopsis
The remote host contains a web browser that is affected by several vulnerabilities.
Description
The version of Apple Safari installed on the remote Mac OS X 10.7 or 10.8 host is earlier than 6.1. It is, therefore, potentially affected by several issues:
- A bounds-checking issue exists related to handling XML files. (CVE-2013-1036)
- Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution. (CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
- An error exists related to URL handling that could lead to information disclosure. (CVE-2013-2848)
- A cross-site scripting issue exists in WebKit's handling of URLs and drag-and-drop operations. (CVE-2013-5129, CVE-2013-5131)
- Using 'Web Inspector' could negate 'Private Browsing' protections leading to information disclosure.
- An error exists related to the 'Reopen All Windows from Last Session' feature that could allow a local attacker to obtain plaintext user ID and password information from the 'LastSession.plist' file.
Solution
Upgrade to Apple Safari 6.1 or later.