Safari < 6.1 Multiple Security Vulnerabilities

Medium Nessus Network Monitor Plugin ID 8048

Synopsis

The remote host contains a web browser that is affected by multiple security vulnerabilities.

Description

The remote host has Safari installed. Versions of Safari earlier than 6.1 are reportedly affected by the following vulnerabilities:

- A bounds-checking issue exists related to handling XML files. (CVE-2013-1036)
- Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution. (CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
- An error exists related to URL handling that could lead to information disclosure. (CVE-2013-2848)
- A cross-site scripting issue exists in WebKit's handling of URLs and drag-and-drop operations. (CVE-2013-5129, CVE-2013-5131)
- Using 'Web Inspector' could negate 'Private Browsing' protections, leading to information disclosure. (CVE-2013-5130)

Solution

Upgrade to Safari 6.1 or later.

See Also

http://support.apple.com/kb/HT6000

http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html

Plugin Details

Severity: Medium

ID: 8048

Family: Web Clients

Published: 2013/11/11

Updated: 2019/03/06

Dependencies: 3705

Nessus ID: 70563

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Patch Publication Date: 2013/10/22

Vulnerability Publication Date: 2013/10/22

Reference Information

CVE: CVE-2013-1036, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-2848, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128, CVE-2013-5129, CVE-2013-5130, CVE-2013-5131, CVE-2013-7127

BID: 60067, 60073, 62537, 62539, 62541, 62551, 62553, 62554, 62556, 62557, 62558, 62559, 62560, 62563, 62565, 62567, 62568, 62569, 62570, 62571, 63289, 64409