Apple Safari WebKit Memory Corruption and Cross Site Scripting Vulnerabilties

Last Update Date: 28 Jan 2011 Release Date: 10 Jul 2009 5277 Views

RISK: Medium Risk

Medium Risk

Two vulnerabilities have been identified in Apple Safari, which could be exploited by attackers to gain knowledge of sensitive information or compromise a vulnerable system.

1. An input validation error in WebKit when handling parent and top objects, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.

2. A memory corruption error in WebKit when handling numeric character references, which could be exploited by attackers to crash an affected browser or execute arbitrary code via a malicious web page.

Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Apple Safari versions prior to 4.0.2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Apple Safari version 4.0.2 :
http://support.apple.com/downloads/Safari_4

Vulnerability Identifier

Source

Related Link

Share with

Previous

Nokia Phones RealPlayer and MMS Viewer Memory Corruption Vulnerability

9 Jul 2009 5467 Views

Next

MicrosoftOffice Web Components Remote Code Execution Vulnerability

14 Jul 2009 5501 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY