Skip to content

November 19, 2010

Apple Releases Safari 5.0.3 and 4.1.3

Safari updates 5.0.3 and 4.1.3 (for both Mac OS X and Windows) have been released to patch a number of WebKit vulnerabilities, some of which can lead to arbitrary remote code execution.

Fire up your Software Update! Hit the jump for full details of the vulnerabilities fixed.

Safari 5.0.3 and Safari 4.1.3

  • WebKitCVE-ID: CVE-2010-3803Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow exists in WebKit’s handling of strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to J23 for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3804Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Websites may surreptitiously track users

    Description: Safari generates random numbers for JavaScript applications using a predictable algorithm. This may allow a website to track a particular Safari session without using cookies, hidden form elements, IP addresses, or other techniques. This update addresses the issue by using a stronger random number generator. Credit to Amit Klein of Trusteer for reporting this issue.

  • WebKitCVE-ID: CVE-2010-1815Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit’s handling of scrollbars. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to thabermann for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3805Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An integer underflow exists in WebKit’s handling of WebSockets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Keith Campbell, and Cris Neckar of Google Chrome Security Team for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3259Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a malicious website may lead to the disclosure of image data from another website

    Description: A cross-origin issue exists in WebKit’s handling of images created from “canvas” elements. Visiting a malicious website may lead to the disclosure of image data from another website. This issue is addressed through improved tracking of security origins. Credit to Isaac Dawson, and James Qiu of Microsoft and Microsoft Vulnerability Research (MSVR) for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3808Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An invalid cast issue exists in WebKit’s handling of editing commands. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of editing commands. Credit to wushi of team509 for reporting this issue.

  • WebKitCVE-ID: CVE-2010-1812Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit’s handling of selections. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to chipplyman for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3809Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An invalid cast issue exists in WebKit’s handling of inline styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of inline styling. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

  • WebKitCVE-ID: CVE-2010-1814Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit’s handling of form menus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of form menus. Credit to Csaba Osztrogonac of University of Szeged for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3810Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: A maliciously crafted website may be able to spoof the address in the location bar or add arbitrary locations to the history

    Description: A cross-origin issue exists in WebKit’s handling of the History object. A maliciously crafted website may be able to spoof the address in the location bar or add arbitrary locations to the history. This issue is addressed through improved tracking of security origins. Credit to Mike Taylor of Opera Software for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3811Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit’s handling of element attributes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Michal Zalewski for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3812Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow exists in WebKit’s handling of Text objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to J23 working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3813Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: WebKit may perform DNS prefetching even when it is disabled

    Description: When WebKit encounters an HTML Link Element that requests DNS prefetching, it will perform the operation even if prefetching is disabled. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read. This issue is addressed through improved handling of DNS prefetching requests. Credit to Jeff Johnson of Rogue Amoeba Software for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3116Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple use after free issues exist in WebKit’s handling of plug-ins. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved memory handling.

  • WebKitCVE-ID: CVE-2010-3257Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit’s handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to VUPEN Vulnerability Research Team for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3816Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit’s handling of scrollbars. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Rohit Makasana of Google Inc. for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3817Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An invalid cast issue exists in WebKit’s handling of CSS 3D transforms. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS 3D transforms. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3818Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit’s handling of inline text boxes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3819Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An invalid cast issue exists in WebKit’s handling of CSS boxes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS boxes. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3820Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access issue exists in WebKit’s handling of editable elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of editable elements. Credit: Apple.

  • WebKitCVE-ID: CVE-2010-1813Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit’s rendering of HTML object outlines. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3821Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit’s handling of the ‘:first-letter’ pseudo-element in cascading stylesheets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of the ‘:first-letter’ pseudo-element. Credit to Cris Neckar and Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3822Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized pointer issue exists in WebKit’s handling of CSS counter styles. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS counter styles. Credit to kuzzcc for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3823Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit’s handling of Geolocation objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to kuzzcc for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3824Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit’s handling “use” elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to wushi of team509 for reporting this issue.

  • WebKitCVE-ID: CVE-2010-1822Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An invalid cast issue exists in WebKit’s handling of SVG elements in non-SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of SVG elements. Credit to wushi of team509 for reporting this issue.

  • WebKitCVE-ID: CVE-2010-3826Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An invalid cast issue exists in WebKit’s handling of colors in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of colors in SVG documents. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

Share your thoughts, post a comment.

(required)
(required)

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

css.php