Vulnerabilities > Apple > Safari > 2.0

DATE CVE VULNERABILITY TITLE RISK
2010-11-22 CVE-2010-3817 Unspecified vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
network
apple microsoft
critical
9.3
2010-11-22 CVE-2010-3816 Resource Management Errors vulnerability in Apple Safari and Webkit
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
network
apple microsoft CWE-399
critical
9.3
2010-11-22 CVE-2010-3813 Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.
5.8
2010-11-22 CVE-2010-3812 Numeric Errors vulnerability in Apple Safari and Webkit
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.
network
apple microsoft CWE-189
critical
9.3
2010-11-22 CVE-2010-3811 Resource Management Errors vulnerability in Apple Safari and Webkit
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.
network
apple microsoft CWE-399
critical
9.3
2010-11-22 CVE-2010-3810 Unspecified vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.
network
apple microsoft
4.3
2010-11-22 CVE-2010-3809 Code Injection vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
network
apple microsoft CWE-94
critical
9.3
2010-11-22 CVE-2010-3808 Code Injection vulnerability in Apple Safari and Webkit
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
network
apple microsoft CWE-94
critical
9.3
2010-11-22 CVE-2010-3805 Numeric Errors vulnerability in Apple Safari and Webkit
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets.
network
apple microsoft CWE-189
critical
9.3
2010-11-22 CVE-2010-3804 Cryptographic Issues vulnerability in Apple Safari and Webkit
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
network
low complexity
apple microsoft CWE-310
5.0