
Forum Thread: Apple Safari Multiple Vulnerabilities

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not those of Secunia but solely reflect those of the user who wrote them.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Apple Safari Multiple Vulnerabilities

Secunia Apple Safari Multiple Vulnerabilities
Secunia Official 28th Nov, 2010 19:38
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
Multiple vulnerabilities and weaknesses have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system.

1) An integer overflow error in the handling of strings can be exploited to corrupt memory and potentially execute arbitrary code.

2) A weakness in the random number generator for JavaScript applications can be exploited to e.g. track users.

3) Multiple vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system.

For more information:
SA41328

4) An integer underflow error in the handling of WebSockets can be exploited to corrupt memory and potentially execute arbitrary code.

5) An unspecified error in the handling of images created from "canvas" elements can be exploited to conduct cross-origin image thefts.

This is related to vulnerability #12 in:
SA41242

6) An invalid cast in the handling of editing commands can potentially be exploited to execute arbitrary code.

7) An invalid cast in the handling of inline styling can potentially be exploited to execute arbitrary code.

8) An error within the handling of the History object can be exploited to spoof the address in the location bar or add arbitrary locations to the history.

9) A use-after-free error in the handling of element attributes can be exploited to corrupt memory and potentially execute arbitrary code.

10) An integer overflow error within the wholeText method of Text objects can be exploited to cause a buffer overflow and potentially execute arbitrary code.

11) A weakness is caused due to WebKit performing DNS prefetching for HTML Link elements even when it is disabled.

12) Multiple use-after-free errors in the handling of plugins can be exploited to corrupt memory and potentially execute arbitrary code.

This is related to vulnerability #5 in:
SA41014

13) A use-after-free error in the handling of element focus can be exploited to corrupt memory and potentially execute arbitrary code.

This is related to vulnerability #10 in:
SA41242

14) A use-after-free error in the handling of scrollbars can be exploited to corrupt memory and potentially execute arbitrary code.

15) An invalid cast in the handling of CSS 3D transforms can potentially be exploited to execute arbitrary code.

16) A use-after-free error in the handling of inline text boxes can be exploited to corrupt memory and potentially execute arbitrary code.

17) An invalid cast in the handling of CSS boxes can potentially be exploited to execute arbitrary code.

18) An unspecified error in the handling of editable elements can be exploited to trigger an access of uninitialised memory and potentially execute arbitrary code.

19) An unspecified error in the handling of the ':first-letter' pseudo-element in cascading stylesheets can be exploited to corrupt memory and potentially execute arbitrary code.

20) An uninitialised pointer error in the handling of CSS counter styles can potentially be exploited to execute arbitrary code.

21) A use-after-free error in the handling of Geolocation objects can be exploited to corrupt memory and potentially execute arbitrary code.

22) A use-after-free error in the handling of "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code.

23) An invalid cast in the handling of SVG elements in non-SVG documents can potentially be exploited to execute arbitrary code.

This is related to vulnerability #2 in:
SA41443

24) An invalid cast in the handling of colors in SVG documents can potentially be exploited to execute arbitrary code.

bravejoe RE: Apple Safari Multiple Vulnerabilities
Member 28th Nov, 2010 19:38
Score: -1
Posts: 4
User Since: 29th Nov 2008
System Score: N/A
Location: N/A
Last edited on 28th Nov, 2010 19:38
If I've updated to the above referenced version of Safari, 5.0.3, then why does it still show up as a threat? I've rescanned already...
Was this reply relevant?
+1
-2
mogs RE: Apple Safari Multiple Vulnerabilities
Expert Contributor 28th Nov, 2010 21:03
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello bravejoe.
This section of the forum is reserved for discussion specifically related to the advisory....please use other sections in future....thank you.
If, as you say, you have already updated to the version quoted as the solution; and yet an insecurity is still being detected by PSI....it's likely the previous version hasn't been removed. Secunia continues to detect even if still in the Recycle bin.
Hope this helps.....regards,

--
Was this reply relevant?
+1
-2
Maurice Joyce RE: Apple Safari Multiple Vulnerabilities
Handling Contributor 28th Nov, 2010 23:38
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Secunia are stating there are 4 vulnerabilities with Safari.

Even when fully patched there is one outstanding problem that has not been fixed by the vendor which is explained here:

http://secunia.com/advisories/product/30282/



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0


© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144