Safari < 4.1.1 / 5.0.1 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801006

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The remote host has Safari installed.

Versions of Safari earlier than 4.1.1 / 5.0.1 are potentially affected by multiple vulnerabilities :

- Safari's AutoFill feature may disclose information to websites without user interaction. (CVE-2010-1796)

- A use after free issue exists in WebKit's handling of element focus may lead to an application crash or arbitrary code execution. (CVE-2010-1780)

- A memory corruption issue exists in WebKit's rendering of inline elements . (CVE-2010-1782)

- A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes .

- A memory corruption issue exists in WebKit's handling of CSS counters . (CVE-2010-1784)

- An uninitialized memory access issue exists in WebKit's handling of the ':first-letter' and ':first-line' pseudo-elements in SVG text elements . (CVE-2010-1785)

- A use after free issue exists in WebKit's handling of foreignObject elements in SVG documents. (CVE-2010-1786)

- A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. (CVE-2010-1787)

- A memory corruption issue exists in WebKit's handling of 'use' elements in SVG documents. (CVE-2010-1788)

- A heap buffer overflow exist sin WebKit's handling of JavaScript string objects. (CVE-2010-1789)

- A re-entrancy issue exists in WebKit's handling of just-in-time compiled JavaScript stubs. (CVE-2010-1790)

- A signedness issue exists in WebKit's handling of JavaScript arrays. (CVE-2010-1791)

- A memory corruption issue exists in WebKit's handling of regular expressions. (CVE-2010-1792)

- A use after free issue exists in WebKit's handling of 'font-face' and 'use' elements in SVG documents. (CVE-2010-1793)

Solution

Upgrade to Safari 4.1.1, 5.0.1, or later.

See Also

support.apple.com/kb/HT4276

lists.apple.com/archives/security-announce/2010/Jul/msg00001.html

Plugin Details

Severity: High

ID: 801006

Family: Web Clients

Published: 7/28/2010

Nessus ID: 47887, 47888

Vulnerability Information

Patch Publication Date: 7/28/2010

Vulnerability Publication Date: 7/28/2010

Reference Information

CVE: CVE-2010-1778, CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1796

BID: 41884, 42034, 42035, 42036, 42037, 42038, 42039, 42041, 42042, 42043, 42044, 42045, 42046, 42048, 42049