Vulnerabilities > Apple > Safari > 1.0.0b1

DATE CVE VULNERABILITY TITLE RISK
2010-06-11 CVE-2010-1417 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.
network
apple microsoft CWE-119
critical
9.3
2010-06-11 CVE-2010-1416 Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."
4.3
2010-06-11 CVE-2010-1415 Code Injection vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
network
apple microsoft CWE-94
critical
9.3
2010-06-11 CVE-2010-1414 Resource Management Errors vulnerability in Apple Safari and Webkit
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.
network
apple microsoft CWE-399
critical
9.3
2010-06-11 CVE-2010-1413 Cryptographic Issues vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
network
low complexity
apple microsoft CWE-310
5.0
2010-06-11 CVE-2010-1412 Resource Management Errors vulnerability in Apple Safari and Webkit
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.
network
apple microsoft CWE-399
critical
9.3
2010-06-11 CVE-2010-1410 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.
network
apple microsoft CWE-119
critical
9.3
2010-06-11 CVE-2010-1409 Multiple Security vulnerability in RETIRED: Apple Safari Prior to 5.0 and 4.1
Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.
network
apple microsoft
5.8
2010-06-11 CVE-2010-1408 Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.
4.3
2010-06-11 CVE-2010-1406 Information Exposure vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.
4.3