Vulnerabilities > Apple > Safari > 3.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-06-11 | CVE-2010-1390 | Cross-Site Scripting vulnerability in Apple Safari and Webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document. | 4.3 |
| 2010-06-11 | CVE-2010-1389 | Cross-Site Scripting vulnerability in Apple Safari and Webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection. | 4.3 |
| 2010-06-11 | CVE-2010-1388 | Information Exposure vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document. | 4.3 |
| 2010-06-11 | CVE-2010-1385 | Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 9.3 |
| 2010-06-11 | CVE-2010-1384 | Information Exposure vulnerability in Apple Safari Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. | 4.3 |
| 2010-03-25 | CVE-2010-1119 | Resource Management Errors vulnerability in Apple products Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. | 10.0 |
| 2010-03-15 | CVE-2010-0054 | Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements. | 9.3 |
| 2010-03-15 | CVE-2010-0053 | Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property. | 9.3 |
| 2010-03-15 | CVE-2010-0052 | Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html CVE-ID: CVE-2010-0052 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use-after-free issue exists in WebKit's handling of callbacks for HTML elements. | 9.3 |
| 2010-03-15 | CVE-2010-0051 | Improper Input Validation vulnerability in Apple Safari WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. | 4.3 |