Vulnerabilities > Apple > Safari > 1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-19 | CVE-2008-1002 | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. | 4.3 |
2007-11-15 | CVE-2007-4698 | Cross-Site Scripting vulnerability in Apple Safari Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. | 4.3 |
2007-11-15 | CVE-2007-4692 | Improper Authentication vulnerability in Apple Safari The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | 4.3 |
2007-09-27 | CVE-2007-4671 | Improper Input Validation vulnerability in Apple Safari Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. | 6.8 |
2007-09-27 | CVE-2007-3760 | Cross-site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. | 4.3 |
2007-09-27 | CVE-2007-3758 | Cross-site Scripting vulnerability in Apple Safari Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. | 4.3 |
2007-09-27 | CVE-2007-3756 | Information Exposure vulnerability in Apple Safari Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. | 4.3 |
2006-03-31 | CVE-2006-1552 | Numeric Errors vulnerability in Apple products Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". | 5.0 |
2005-12-22 | CVE-2005-4504 | Remote Denial of Service vulnerability in Apple Mac OS X KHTMLParser The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag. | 7.8 |
2005-09-21 | CVE-2005-3018 | Unspecified vulnerability in Apple Safari Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL. | 5.0 |