CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Safari » : Security Vulnerabilities

Cpe Name:cpe:/a:apple:safari
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-7153 200 +Info 2016-09-06 2017-02-19
5.0
None Remote Low Not required Partial None None
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
2 CVE-2016-7152 200 +Info 2016-09-06 2017-02-19
5.0
None Remote Low Not required Partial None None
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
3 CVE-2016-4604 601 2016-07-21 2017-08-31
5.8
None Remote Medium Not required Partial Partial None
Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.
4 CVE-2015-8960 310 2016-09-20 2018-06-27
6.8
None Remote Medium Not required Partial Partial Partial
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.
5 CVE-2015-4000 310 2015-05-20 2019-10-09
4.3
None Remote Medium Not required None Partial None
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
6 CVE-2015-2808 310 2015-03-31 2018-01-18
4.3
None Remote Medium Not required Partial None None
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
7 CVE-2013-2566 310 2013-03-15 2018-01-18
4.3
None Remote Medium Not required Partial None None
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
8 CVE-2012-3715 310 +Info 2012-09-20 2017-08-28
4.3
None Remote Medium Not required Partial None None
Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.
9 CVE-2012-3714 264 2012-09-20 2017-08-28
4.3
None Remote Medium Not required Partial None None
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
10 CVE-2012-3713 264 2012-09-20 2017-08-28
4.3
None Remote Medium Not required Partial None None
Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document.
11 CVE-2012-0647 200 +Info 2012-03-12 2018-01-05
5.0
None Remote Low Not required Partial None None
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
12 CVE-2011-3243 79 XSS 2011-10-14 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
13 CVE-2011-3242 200 +Info 2011-10-14 2017-08-28
5.0
None Remote Low Not required Partial None None
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.
14 CVE-2011-3231 94 Exec Code 2011-10-14 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.
15 CVE-2011-3230 264 Exec Code 2011-10-14 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
16 CVE-2011-3229 22 Exec Code Dir. Trav. 2011-10-14 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.
17 CVE-2011-0132 399 DoS Exec Code Mem. Corr. 2011-03-03 2011-03-17
7.6
None Remote High Not required Complete Complete Complete
Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
18 CVE-2011-0115 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2011-03-17
7.6
None Remote High Not required Complete Complete Complete
The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
19 CVE-2010-2454 264 2010-06-25 2017-08-16
4.3
None Remote Medium Not required None Partial None
Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.
20 CVE-2010-1729 399 DoS 2010-05-06 2011-02-17
4.3
None Remote Medium Not required None None Partial
WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.
21 CVE-2010-1180 94 DoS Exec Code 2010-03-29 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.
22 CVE-2010-1179 189 1 DoS Exec Code 2010-03-29 2010-03-30
9.3
None Remote Medium Not required Complete Complete Complete
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.
23 CVE-2010-1178 DoS 2010-03-29 2017-08-16
4.3
None Remote Medium Not required None None Partial
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.
24 CVE-2010-1177 94 DoS Exec Code 2010-03-29 2010-03-30
9.3
None Remote Medium Not required Complete Complete Complete
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.
25 CVE-2010-1176 94 1 DoS Exec Code 2010-03-29 2010-03-30
9.3
None Remote Medium Not required Complete Complete Complete
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075.
26 CVE-2010-1099 264 Overflow Bypass 2010-03-24 2018-10-10
5.0
None Remote Low Not required None Partial None
Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.
27 CVE-2010-1029 399 2 DoS Exec Code 2010-03-19 2019-09-26
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.
28 CVE-2010-0314 2010-01-14 2011-03-17
5.0
None Remote Low Not required Partial None None
Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.
29 CVE-2009-3271 20 1 DoS 2009-09-21 2017-09-18
4.3
None Remote Medium Not required None None Partial
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
30 CVE-2009-1692 399 DoS 2009-06-19 2018-10-10
7.1
None Remote Medium Not required None None Complete
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
31 CVE-2009-1600 264 Bypass 2009-05-11 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
32 CVE-2009-1060 Exec Code 2009-03-24 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009.
33 CVE-2009-1042 Exec Code 2009-03-23 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
34 CVE-2009-0137 20 2009-02-12 2009-08-19
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."
35 CVE-2009-0123 200 +Info 2009-01-15 2017-08-07
7.1
None Remote Medium Not required Complete None None
Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
36 CVE-2009-0070 189 DoS 2009-01-08 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.
37 CVE-2008-7296 264 2011-08-09 2012-08-02
5.8
None Remote Medium Not required None Partial Partial
Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
38 CVE-2008-5914 2009-01-20 2009-01-23
2.1
None Remote High Single system None Partial None
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
39 CVE-2008-4233 2008-11-25 2008-12-03
2.6
None Remote High Not required None None Partial
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
40 CVE-2008-4232 2008-11-25 2008-12-03
5.0
None Remote Low Not required None Partial None
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
41 CVE-2008-4231 399 DoS Exec Code Mem. Corr. 2008-11-25 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
42 CVE-2008-3950 189 DoS 2008-09-16 2018-10-11
5.0
None Remote Low Not required None None Partial
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
43 CVE-2008-3171 200 +Info 2008-07-14 2017-08-07
5.0
None Remote Low Not required Partial None None
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
44 CVE-2008-3170 264 2008-07-14 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867.
45 CVE-2008-2317 399 DoS Exec Code 2008-07-14 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.
46 CVE-2008-2303 189 DoS Exec Code 2008-07-14 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.
47 CVE-2008-1589 20 2008-07-14 2017-08-07
4.3
None Remote Medium Not required None Partial None
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.
48 CVE-2008-1588 20 2008-07-14 2017-08-07
4.3
None Remote Medium Not required None Partial None
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.
49 CVE-2008-1580 200 +Info 2008-06-02 2017-08-07
4.3
None Remote Medium Not required Partial None None
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
50 CVE-2008-0894 DoS 2008-02-21 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.
Total number of vulnerabilities : 72   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.