10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.965 High
EPSS
Percentile
99.6%
Versions of Safari earlier than 4.1 / 5.0 are potentially affected by multiple vulnerabilities :
A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. (CVE-2009-1726)
Safari supports the inclusion of user information in URLs, which allows the URL to specify a username and password to authenticate the user to the named server. (CVE-2010-1384)
A use after free issue exists in Safari’s management of windows. (CVE-2010-1750)
An implementation issue exists in WebKit’s handling of URLs in the clipboard. (CVE-2010-1388)
Dragging or pasting a selection from one site to another may allow scripts contained in the selection to be executed in the context of the new site. (CVE-2010-1389)
A cononicalization issue exists in WebKit’s handling of UTF-7 encoded text. (CVE-2010-1390)
A path traversal issue exists in WebKit’s support for Local Storage and Web SQL database. (CVE-2010-1391)
A use after free issue exists in WebKit’s rendering of HTML buttons. (CVE-2010-1392)
An information disclosure issue exists in WebKit’s handling of Cascading Stylesheets. (CVE-2010-1393)
A use after free issue exists in WebKit’s handling of attribute manipulation. (CVE-2010-1119)
A design issue exists in WebKit’s handling of HTML document fragments. (CVE-2010-1394)
An implementation issue exists in WebKit’s handling of keyboard focus. (CVE-2010-1422)
A scope management issue exists in WebKit’s handling of DOM constructor objects. (CVE-2010-1395)
A use after free issue exists in WebKit’s handling of the removal of container elements. (CVE-2010-1396)
A use after free issue exists in WebKit’s rendering of a selection when the layout changes. (CVE-2010-1397)
A memory corruption issue exists in WebKit’s handling of ordered list insertions. (CVE-2010-1398)
An uninitialized memory access issue exists in WebKit’s handling of selection changes on form input elements. (CVE-2010-1399)
A use after free issue exists in WebKit’s handling of caption elements. (CVE-2010-1400)
A use after free issue exists in WebKit’s handling of the ‘:first-letter’ pseudo-element in cascading stylesheets. (CVE-2010-1401)
a double free issue exists in WebKit’s handling of event listeners in SVG documents. (CVE-2010-1402)
An uninitialized memory access issue exists in WebKit’s handling of ‘use’ elements in SVG documents. (CVE-2010-1403)
A use after free issue exists in WebKit’s handling of SVG documents with multiple ‘use’ elements. (CVE-2010-1404)
A memory corruption issue exists in WebKit’s handling of nested ‘use’ elements in SVG documents. (CVE-2010-1410)
A use after free issue exists in WebKit’s handling of CSS run-ins. (CVE-2010-1749)
A use after free issue exists in WebKit’s handling of HTML elements with custom vertical positioning. (CVE-2010-1405)
When WebKit is redirected from an HTTPS site to an HTTP site, the Referer header is passed to the HTTP site. (CVE-2010-1406)
An integer truncation issue exists in WebKit’s handling of requests to non-default TCP ports. (CVE-2010-1408)
Common IRC service ports are not included in WebKit’s port blacklist. (CVE-2010-1409)
A use after free issue exists in WebKit’s handling of hover events. (CVE-2010-1412)
In certain circumstances, WebKit may send NTLM credentials in plain text. (CVE-2010-1413)
A use after free issue exists in WebKit’s handling of the removeChild DOM method. (CVE-2010-1414)
An API abuse issue exists in WebKit’s handling of libxml contexts. (CVE-2010-1415)
A cross-site image capture issue exists in WebKit. (CVE-2010-1416)
A memory corruption issue exists in WebKit’s rendering of CSS-styled HTML content with multiple :after pseudo-selectors. (CVE-2010-1417)
An input validation issue exists in WebKit’s handling of the src attribute of the frame element (CVE-2010-1418)
A use after free issue exists in WebKit’s handling of drag and drop when the window acting as a source of a drag operation is closed before the drag operation is completed. (CVE-2010-1419)
A design issue exists in the implementation of the JavaScript function execCommand. (CVE-2010-1421)
An issue in WebKit’s handling of malformed URLs may result in a cross-site scripting attack when visiting a maliciously crafted website. (CVE-2010-0544)
A use after free issue exists in WebKit’s handling of DOM Range objects. (CVE-2010-1758)
A use after free issue exists in WebKit’s handling of the Node.normalize method. (CVE-2010-1759)
A use after free issue exist sin WebKit’s rendering of HTML document subtrees. (CVE-2010-1761)
A design issue exists in the handling of HTML contained in textarea elements. (CVE-2010-1762)
A design issue exists in WebKit’s handling of HTTP redirects. (CVE-2010-1764)
A type checking issue exists in WebKit’s handling of text nodes. (CVE-2010-1770)
A use after free issue exists in WebKit’s handling of fonts. (CVE-2010-1771)
An out of bounds memory access issue exists in WebKit’s handling of HTML tables. (CVE-2010-1774)
A design issue exists in WebKit’s handling of the CSS :visited pseudo-class.
Binary data 801012.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1726
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0544
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1119
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1384
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1385
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1388
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1399
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1413
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
lists.apple.com/archives/security-announce/2010/Jun/msg00000.html