KLA10075
Multiple vulnerabilities in Apple Safari
Updated: 06/17/2019
Detect date
07/25/2012
Severity
Critical
Description

Multiple critical vulnerabilities have been found in Apple Safari. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, inject code, bypass security restrictions, spoof user interfaces or read local files. Below is a complete list of vulnerabilities:

  1. Unknown vectors can be exploited via a specially designed web site;
  2. Improper handling of autocomplete can be exploited remotely by leveraging workstations;
  3. Uninitialized memory access can be exploited remotely via a specially designed web site;
  4. Incomplete blacklists can be exploited remotely via homoglyphs;
  5. Improper drag-n-drop handling can be exploited remotely via a specially designed web site;
  6. Improper CSS handling can be exploited remotely via a specially designed web site;
  7. CRLF injections can be exploited remotely via a specially designed web site;
  8. Improper ‘file:’ URL handling can be exploited remotely via a WebProcess compromise;
  9. XSS can be exploited remotely via a specially designed web site or ‘feed:’ URL;
  10. Unknown vectors can be exploited remotely via ‘feed:’ URLs.
Affected products

Apple Safari versions 5.1.7 and earlier

Solution

Version 5.1.7 became the latest version for Windows and still contains these vulnerabilities. You can choose another browser to use.

Original advisories

Apple mailing list
Apple Safari 5.1.8

Impacts
OSI
DoS
CI
SB
RLF
SUI

CVE-IDS
CVE-2012-3691 5.8 High
CVE-2012-3690 4.3 Warning
CVE-2012-3626 9.3 Critical
CVE-2012-3627 9.3 Critical
CVE-2012-3636 9.3 Critical
CVE-2012-3653 9.3 Critical
CVE-2012-3655 9.3 Critical
CVE-2012-3656 9.3 Critical
CVE-2012-3615 9.3 Critical
CVE-2012-3693 5.0 Critical
CVE-2012-1520 9.3 Critical
CVE-2012-3609 9.3 Critical
CVE-2012-3650 4.3 Warning
CVE-2012-3593 9.3 Critical
CVE-2012-3589 9.3 Critical
CVE-2012-3603 9.3 Critical
CVE-2012-3605 9.3 Critical
CVE-2012-3604 9.3 Critical
CVE-2012-0680 5.0 Critical
CVE-2012-3667 9.3 Critical
CVE-2012-3696 4.3 Warning
CVE-2012-3694 4.3 Warning
CVE-2012-3695 4.3 Warning
CVE-2012-3629 9.3 Critical
CVE-2012-3640 9.3 Critical
CVE-2012-3608 9.3 Critical
CVE-2012-3599 9.3 Critical
CVE-2012-0678 4.3 Warning
CVE-2012-3635 9.3 Critical
CVE-2012-3634 9.3 Critical
CVE-2012-3625 9.3 Critical
CVE-2012-3645 9.3 Critical
CVE-2012-0683 9.3 Critical
CVE-2012-3663 9.3 Critical
CVE-2012-3596 9.3 Critical
CVE-2012-3594 9.3 Critical
CVE-2012-3620 9.3 Critical
CVE-2012-3611 9.3 Critical
CVE-2012-3670 9.3 Critical
CVE-2012-3597 9.3 Critical
CVE-2012-3600 9.3 Critical
CVE-2012-3633 9.3 Critical
CVE-2012-3678 9.3 Critical
CVE-2012-3679 9.3 Critical
CVE-2012-3628 9.3 Critical
CVE-2012-3637 9.3 Critical
CVE-2012-3674 9.3 Critical
CVE-2012-3639 9.3 Critical
CVE-2012-3610 9.3 Critical
CVE-2012-3618 9.3 Critical
CVE-2012-3591 9.3 Critical
CVE-2012-3592 9.3 Critical
CVE-2012-0679 4.3 Warning
CVE-2012-3641 9.3 Critical
CVE-2012-3595 9.3 Critical
CVE-2012-3697 7.1 High
CVE-2012-3638 9.3 Critical
CVE-2012-3590 8.8 Critical
CVE-2012-3689 5.8 High
CVE-2012-3661 9.3 Critical
CVE-2012-3631 9.3 Critical
CVE-2012-0682 9.3 Critical
CVE-2012-3668 9.3 Critical
CVE-2012-3669 9.3 Critical
CVE-2012-3664 9.3 Critical
CVE-2012-3665 9.3 Critical
CVE-2012-3666 9.3 Critical
CVE-2012-3683 9.3 Critical
CVE-2012-3646 9.3 Critical
CVE-2012-3686 9.3 Critical
CVE-2012-3642 9.3 Critical
CVE-2012-3630 9.3 Critical
CVE-2012-3644 9.3 Critical
CVE-2012-3682 9.3 Critical
CVE-2012-3680 9.3 Critical
CVE-2012-3681 9.3 Critical