Vulnerabilities > Apple > Safari > 2.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-19 | CVE-2008-1002 | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. | 4.3 |
2008-01-16 | CVE-2008-0298 | Improper Input Validation vulnerability in Apple Safari KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | 4.3 |
2007-11-15 | CVE-2007-4698 | Cross-Site Scripting vulnerability in Apple Safari Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. | 4.3 |
2007-11-15 | CVE-2007-4692 | Improper Authentication vulnerability in Apple Safari The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | 4.3 |
2007-09-27 | CVE-2007-4671 | Improper Input Validation vulnerability in Apple Safari Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. | 6.8 |
2007-09-27 | CVE-2007-3760 | Cross-site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. | 4.3 |
2007-09-27 | CVE-2007-3758 | Cross-site Scripting vulnerability in Apple Safari Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. | 4.3 |
2007-09-27 | CVE-2007-3756 | Information Exposure vulnerability in Apple Safari Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. | 4.3 |
2007-06-12 | CVE-2007-3186 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | 9.3 |
2007-05-24 | CVE-2007-2843 | Information Disclosure vulnerability in Apple Safari 2.0.4 Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. | 10.0 |