1.0.0b2

DATE	CVE	VULNERABILITY TITLE	RISK
2010-03-15	CVE-2010-0051	Improper Input Validation vulnerability in Apple Safari WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. network apple CWE-20	4.3
2010-03-15	CVE-2010-0050	Use After Free vulnerability in multiple products Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. network low complexity apple fedoraproject canonical opensuse CWE-416	8.8
2010-03-15	CVE-2010-0049	Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. network apple CWE-399 critical	9.3
2010-03-15	CVE-2010-0048	Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. network apple CWE-399 critical	9.3
2010-03-15	CVE-2010-0047	Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'WebKit CVE-ID: CVE-2010-0047 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use-after-free issue exists in the handling of HTML object element fallback content. network apple CWE-399 critical	9.3
2010-03-15	CVE-2010-0046	Code Injection vulnerability in Apple Safari The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. network apple CWE-94 critical	9.3
2010-03-15	CVE-2010-0045	Improper Input Validation vulnerability in Apple Safari Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. network apple microsoft CWE-20 critical	9.3
2010-03-15	CVE-2010-0044	Configuration vulnerability in Apple Safari PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. network apple CWE-16	4.3
2010-03-15	CVE-2010-0043	Code Injection vulnerability in Apple Safari ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. network apple microsoft CWE-94 critical	9.3
2010-03-15	CVE-2010-0042	Information Exposure vulnerability in Apple Safari ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. network apple microsoft CWE-200	4.3