Computer Security
[EN] securityvulns.ru no-pyccku


WebKit / Apple Safari / Google Chrome multiple security vulnerabilities
updated since 22.07.2011
Published:01.08.2011
Source:
SecurityVulns ID:11798
Type:library
Threat Level:
9/10
Description:WebKit and Apple libraries multiple security vulnerabilities
Affected:APPLE : Safari 5.0
 APPLE : Safari 5.1
CVE:CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-1774 (WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.)
 CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-1453 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-1451 (Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers.")
 CVE-2011-1449 (Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-1296 (Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer.")
 CVE-2011-1295 (WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-1293 (Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-1288 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-1204 (Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.)
 CVE-2011-1203 (Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer.")
 CVE-2011-1190 (The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak.")
 CVE-2011-1188 (Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.)
 CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes.")
 CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer.")
 CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node.")
 CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer.")
 CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.)
 CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer.")
 CVE-2011-0981 (Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer.")
 CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0254 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0253 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.)
 CVE-2011-0242 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username.)
 CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.)
 CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0238 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0237 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0235 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0234 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0233 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0232 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0225 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0223 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.)
 CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.)
 CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.)
 CVE-2011-0215 (ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.)
 CVE-2011-0214 (CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.)
 CVE-2011-0206 (Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.)
 CVE-2011-0204 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.)
 CVE-2011-0204 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.)
 CVE-2011-0202 (Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.)
 CVE-2011-0201 (Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.)
 CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.)
 CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.)
 CVE-2011-0164 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.)
 CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.)
 CVE-2010-1420 (Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.)
 CVE-2010-1383 (CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.)
Original documentdocumentZDI, ZDI-11-243: WebKit ContentEditable Inline Style Remote Code Execution Vulnerability (01.08.2011)
 documentZDI, ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability (01.08.2011)
 documentZDI, ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability (01.08.2011)
 documentZDI, ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability (01.08.2011)
 documentZDI, ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability (01.08.2011)
 documentIDEFENSE, iDefense Security Advisory 07.20.11: Multiple Vendor WebKit MathML Use-After-Free Vulnerability (22.07.2011)
 documentIDEFENSE, iDefense Security Advisory 07.20.11: Safari WebKit TIFF Use-After-Free Vulnerability (22.07.2011)
 documentIDEFENSE, iDefense Security Advisory 07.20.11: Multiple Vendor WebKit frameset style Heap Corruption Vulnerability (22.07.2011)
 documentIDEFENSE, iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability (22.07.2011)
 documentIDEFENSE, iDefense Security Advisory 07.20.11: Multiple Vendor WebKit SVG animVal Memory Corruption Vulnerability (22.07.2011)
 documentAPPLE, APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6 (22.07.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod