Vulnerabilities > Apple > Safari > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-06-28 | CVE-2007-3482 | Cross-Site Scripting vulnerability in Apple Safari | Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. | 7.8 |
2007-06-21 | CVE-2007-2398 | Unspecified vulnerability in Apple Safari 3.0.1 | Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. | 7.1 |
2007-06-19 | CVE-2007-3284 | Denial of Service vulnerability in Apple Safari 3.0.1 | corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. | 7.8 |
2007-06-12 | CVE-2007-3187 | Denial-Of-Service vulnerability in Apple Safari 3.0 | Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. | 7.5 |
2007-06-12 | CVE-2007-3185 | Resource Management Errors vulnerability in Apple Safari 3.0.1 | Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. | 7.8 |
2007-04-24 | CVE-2007-2175 | Unspecified vulnerability in Apple Safari | Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007. | 7.6 |
2007-02-01 | CVE-2007-0646 | Use of Externally-Controlled Format String vulnerability in Apple iMovie, Mac OS X and Safari | Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function. | 7.1 |
2007-02-01 | CVE-2007-0644 | Products Format String vulnerability in Apple Safari 2.0.4419.3 | Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. | 7.1 |
2006-07-31 | CVE-2006-3946 | Buffer Errors vulnerability in Apple Mac OS X and Safari | WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using JavaScript that changes document.body.innerHTML within a DIV tag. | 7.5 |
2006-04-21 | CVE-2006-1987 | Multiple Security vulnerability in Apple Mac OS X | Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. | 7.5 |