Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24396
HistoryAug 08, 2010 - 12:00 a.m.

About the security content of Safari 5.0.1 and Safari 4.1.1

2010-08-0800:00:00
vulners.com
25

About the security content of Safari 5.0.1 and Safari 4.1.1

* Last Modified: July 28, 2010
* Article: HT4276

Summary

This document describes the security content of Safari 5.0.1 and Safari 4.1.1.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."
Products Affected

Product Security, Safari 4 (Mac OS X 10.4), Safari 5 (Windows), Safari 5 (Mac OS X 10.6), Safari 5 (Mac OS X 10.5)
Safari 5.0.1 and Safari 4.1.1

*

  Safari

  CVE-ID: CVE-2010-1778

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server

  Description: A cross-site scripting issue exists in Safari's handling of RSS feeds. Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server. This issue is addressed through improved handling of RSS feeds. Credit to Billy Rios of the Google Security Team for reporting this issue.

*

  Safari

  CVE-ID: CVE-2010-1796

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Safari's AutoFill feature may disclose information to websites without user interaction

  Description: Safari's AutoFill feature can automatically fill out web forms using designated information in your Mac OS X Address Book, Outlook, or Windows Address Book.  By design, user action is required for AutoFill to operate within a web form. An implementation issue exists that allows a maliciously crafted website to trigger AutoFill without user interaction. This can result in the disclosure of information contained within the user's Address Book Card. To trigger the issue, the following two situations are required. First, in Safari Preferences, under AutoFill, the "Autofill web forms using info from my Address Book card" checkbox must be selected. Second, the user's Address Book must have a Card designated as "My Card". Only the information in that specific card is accessed via AutoFill. This issue is addressed by prohibiting AutoFill from using information without user action. Devices running iOS are not affected. Credit to Jeremiah Grossman of WhiteHat Security for reporting this issue.

*

  WebKit

  CVE-ID: CVE-2010-1780

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A use after free issue exists in WebKit's handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of element focus. Credit to Tony Chang of Google, Inc. for reporting this issue.

*

  WebKit

  CVE-ID: CVE-2010-1782

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A memory corruption issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to wushi of team509 for reporting this issue.

*

  WebKit

  CVE-ID: CVE-2010-1783

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.

*

  WebKit

  CVE-ID: CVE-2010-1784

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A memory corruption issue exists in WebKit's handling of CSS counters. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

*

  WebKit

  CVE-ID: CVE-2010-1785

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An uninitialized memory access issue exists in WebKit's handling of the :first-letter and :first-line pseudo-elements in SVG text elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by not rendering :first-letter or :first-line pseudo-elements in SVG text elements. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

*

  WebKit

  CVE-ID: CVE-2010-1786

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A use after free issue exists in WebKit's handling of foreignObject elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through additional validation of SVG documents. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

*

  WebKit

  CVE-ID: CVE-2010-1787

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.

*

  WebKit

  CVE-ID: CVE-2010-1788

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A memory corruption issue exists in WebKit's handling of 'use' elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of 'use' elements in SVG documents. Credit to Justin Schuh of Google, Inc. for reporting this issue.

*

  WebKit

  CVE-ID: CVE-2010-1789

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A heap buffer overflow exists in WebKit's handling of JavaScript string objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.

*

  WebKit

  CVE-ID: CVE-2010-1790

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A reentrancy issue exists in WebKit's handling of just-in-time compiled JavaScript stubs. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved synchronization.

*

  WebKit

  CVE-ID: CVE-2010-1791

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A signedness issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of JavaScript array indices. Credit to Natalie Silvanovich for reporting this issue.

*

  WebKit

  CVE-ID: CVE-2010-1792

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A memory corruption issue exists in WebKit's handling of regular expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of regular expressions. Credit to Peter Varga of University of Szeged for reporting this issue.

*

  WebKit

  CVE-ID: CVE-2010-1793

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A use after free issue exists in WebKit's handling of "font-face" and "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "font-face" and "use" elements in SVG documents. Credit to Aki Helin of OUSPG for reporting this issue.