Safari < 6.1 Multiple Security Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8048
SynopsisThe remote host contains a web browser that is affected by multiple security vulnerabilities.
DescriptionThe remote host has Safari installed. Versions of Safari earlier than 6.1 are reportedly affected by the following vulnerabilities :
- A bounds-checking issue exists related to handling XML files. (CVE-2013-1036)
- Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution. (CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
- An error exists related to URL handling that could lead to information disclosure. (CVE-2013-2848)
- A cross-site scripting issue exists in WebKit's handling of URLs and drag-and-drop operations. (CVE-2013-5129, CVE-2013-5131)
- Using 'Web Inspector' could negate 'Private Browsing' protections leading to information disclosure. (CVE-2013-5130)
SolutionUpgrade to Safari 6.1 or later.