About the security content of Safari 5.0.3 and Safari 4.1.3

This document describes the security content of Safari 5.0.3 and Safari 4.1.3.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE-IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

Safari 5.0.3 and Safari 4.1.3

  • CFNetwork

    • CVE-ID: CVE-2010-1752

    • Available for: Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Laurent OUDOT of TEHTRI-Security for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3803

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: An integer overflow exists in WebKit's handling of strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to J23 for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3804

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Websites may surreptitiously track users

    • Description: Safari generates random numbers for JavaScript applications using a predictable algorithm. This may allow a website to track a particular Safari session without using cookies, hidden form elements, IP addresses, or other techniques. This update addresses the issue by using a stronger random number generator. Credit to Amit Klein of Trusteer for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-1815

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A use after free issue exists in WebKit's handling of scrollbars. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to thabermann for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3805

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: An integer underflow exists in WebKit's handling of WebSockets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Keith Campbell, and Cris Neckar of Google Chrome Security Team for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3259

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a malicious website may lead to the disclosure of image data from another website

    • Description: A cross-origin issue exists in WebKit's handling of images created from "canvas" elements. Visiting a malicious website may lead to the disclosure of image data from another website. This issue is addressed through improved tracking of security origins. Credit to Isaac Dawson, and James Qiu of Microsoft and Microsoft Vulnerability Research (MSVR) for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3808

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: An invalid cast issue exists in WebKit's handling of editing commands. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of editing commands. Credit to wushi of team509 for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-1812

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A use after free issue exists in WebKit's handling of selections. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to chipplyman for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3809

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: An invalid cast issue exists in WebKit's handling of inline styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of inline styling. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-1814

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A memory corruption issue exists in WebKit's handling of form menus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of form menus. Credit to Csaba Osztrogonac of University of Szeged for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3810

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: A maliciously crafted website may be able to spoof the address in the location bar or add arbitrary locations to the history

    • Description: A cross-origin issue exists in WebKit's handling of the History object. A maliciously crafted website may be able to spoof the address in the location bar or add arbitrary locations to the history. This issue is addressed through improved tracking of security origins. Credit to Mike Taylor of Opera Software for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3811

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A use after free issue exists in WebKit's handling of element attributes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Michal Zalewski for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3812

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: An integer overflow exists in WebKit's handling of Text objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to J23 working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3813

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: WebKit may perform DNS prefetching even when it is disabled

    • Description: When WebKit encounters an HTML Link Element that requests DNS prefetching, it will perform the operation even if prefetching is disabled. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read. This issue is addressed through improved handling of DNS prefetching requests. Credit to Jeff Johnson of Rogue Amoeba Software for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3116

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: Multiple use after free issues exist in WebKit's handling of plug-ins. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved memory handling.

  • WebKit

    • CVE-ID: CVE-2010-3257

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A use after free issue exists in WebKit's handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to VUPEN Vulnerability Research Team, and an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3816

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A use after free issue exists in WebKit's handling of scrollbars. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Rohit Makasana of Google Inc. for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3817

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: An invalid cast issue exists in WebKit's handling of CSS 3D transforms. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS 3D transforms. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3818

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A use after free issue exists in WebKit's handling of inline text boxes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3819

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: An invalid cast issue exists in WebKit's handling of CSS boxes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS boxes. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3820

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: An uninitialized memory access issue exists in WebKit's handling of editable elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of editable elements. Credit: Apple.

  • WebKit

    • CVE-ID: CVE-2010-1813

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A memory corruption issue exists in WebKit's rendering of HTML object outlines. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3821

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A memory corruption issue exists in WebKit's handling of the ':first-letter' pseudo-element in cascading stylesheets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of the ':first-letter' pseudo-element. Credit to Cris Neckar and Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3822

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: An uninitialized pointer issue exists in WebKit's handling of CSS counter styles. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS counter styles. Credit to kuzzcc for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3823

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A use after free issue exists in WebKit's handling of Geolocation objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to kuzzcc for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3824

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: A use after free issue exists in WebKit's handling of "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to wushi of team509 for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-1822

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: An invalid cast issue exists in WebKit's handling of SVG elements in non-SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of SVG elements. Credit to wushi of team509 for reporting this issue.

  • WebKit

    • CVE-ID: CVE-2010-3826

    • Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later, Windows 7, Vista, XP SP2 or later

    • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    • Description: An invalid cast issue exists in WebKit's handling of colors in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of colors in SVG documents. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.
