exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 42264

Secunia Security Advisory 42264
Posted Nov 19, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities and weaknesses have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system.

tags | advisory, spoof, vulnerability
systems | apple
SHA-256 | b8844e461e5295ba25a223b7dd3cf558dc4225a3a12ae5908268714f55a5240d

Secunia Security Advisory 42264

Change Mirror Download
----------------------------------------------------------------------


Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.

Join the beta:
http://secunia.com/products/corporate/vim/


----------------------------------------------------------------------

TITLE:
Apple Safari Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA42264

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264

RELEASE DATE:
2010-11-19

DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)

http://secunia.com/advisories/42264/

ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=42264

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.

1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.

2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.

3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.

For more information:
SA41328

4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.

5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.

This is related to vulnerability #12 in:
SA41242

6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.

7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.

8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.

9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.

10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.

11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.

12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.

This is related to vulnerability #5 in:
SA41014

13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.

This is related to vulnerability #10 in:
SA41242

14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.

15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.

16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.

17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.

18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.

19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.

20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.

21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.

22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.

23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.

This is related to vulnerability #2 in:
SA41443

24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.

SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).

PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer

The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc

ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455

Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf

OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close