About the security content of Safari 3.1.1

This document describes the security content of Safari 3.1.1, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Securitywebsite.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Safari 3.1.1

Safari

CVE-ID: CVE-2007-2398

Available for: Windows XP or Vista

Impact: A maliciously crafted website may control the contents of the address bar.

Description: A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.

Safari

CVE-ID: CVE-2008-1024

Available for: Windows XP or Vista

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

Description: A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems.

WebKit

CVE-ID: CVE-2008-1025

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista

Impact: Visiting a malicious website may result in cross-site scripting.

Description: An issue exists in WebKit's handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue.

WebKit

CVE-ID: CVE-2008-1026

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista

Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution.

Description: A heap buffer overflow exists in WebKit's handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller, Jake Honoroff, and Mark Daniel working with TippingPoint's Zero Day Initiative for reporting this issue.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.

Published Date: