Apple WebKit
ZDI-11-243: WebKit ContentEditable Inline Style Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-243
July 27, 2011
-- CVE ID:
CVE-2011-0232
-- CVSS:
ZDI-11-100: Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-100
March 2, 2011
-- CVE ID:
CVE-2011-0149
-- CVSS:
ZDI-10-094: Apple Webkit SelectionController via Marquee Event Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-094
June 8, 2010
-- CVE ID:
CVE-2010-1399
-- Affected Vendors:
Apple
ZDI-10-092: Apple Webkit Option Element ContentEditable Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-092
June 8, 2010
-- CVE ID:
CVE-2010-1396
-- Affected Vendors:
Apple
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 08, 2009
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
-- Affected Vendors:
Apple
-- Affected Products:
Apple WebKit
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 10462.
For further product information on the TippingPoint IPS, visit:
ZDI-11-099: Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-099
March 2, 2011
-- CVE ID:
CVE-2011-0133
-- CVSS:
Linux version 2.6 for core system services such as security, memory
management, process management, network stack, and driver model. The
kernel also acts as an abstraction layer between the hardware and the
rest of the software stack.
The WebKit application framework is included to facilitate development
of web client application functionality. The framework in turn uses
different third-party open source libraries to implement processing of
several image formats.
Android includes a web browser based on the WebKit framework that
-- Affected Vendors:
Apple
-- Affected Products:
Apple WebKit
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 10849.
For further product information on the TippingPoint IPS, visit:
ZDI-10-031: Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-031
March 16, 2010
-- Affected Vendors:
Apple
-- Affected Products:
Apple WebKit
ZDI-10-141: Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-141
August 5, 2010
-- CVE ID:
CVE-2010-1786
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-033
June 8, 2009
-- CVE ID:
CVE-2009-1701
-- Affected Vendors:
Apple
ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-032
June 8, 2009
-- CVE ID:
CVE-2009-1698
-- Affected Vendors:
Apple
ZDI-11-095: Apple Webkit Error Message Mutation Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-095
March 2, 2011
-- CVE ID:
CVE-2010-1824
-- CVSS:
-- Affected Vendors:
Apple
-- Affected Products:
Apple WebKit
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11273.
For further product information on the TippingPoint IPS, visit:
context-dependent attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a large precision
value in the format argument to a printf function, related to an
array overrun. (CVE-2009-0689)
The JavaScript garbage collector in WebKit in Apple Safari before
4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
through 2.2.1 does not properly handle allocation failures, which
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
HTML document that triggers write access to an offset of a NULL
-- Affected Vendors:
Apple
-- Affected Products:
Apple WebKit
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple Safari WebKit. User interaction is
required to exploit this vulnerability in that the target must visit a
===========================================================
Ubuntu Security Notice USN-1006-1 October 19, 2010
webkit vulnerabilities
https://launchpad.net/bugs/660075
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 07, 2010
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
===========================================================
Ubuntu Security Notice USN-676-1 November 24, 2008
webkit vulnerability
CVE-2008-3632
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 11, 2010
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
to why these issues could not be investigated earlier, I refused;
more info here:
http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt
* All WebKit browsers: WebKit project notified in July 2010. About two dozen
crashes identified and addressed in bug 42959 and related efforts by
several volunteers. Relevant patches generally released with attribution
in security bulletins. Some extremely hard-to-debug memory corruption
problems still occurring on trunk.
ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-022
April 16, 2008
-- CVE ID:
CVE-2008-1026
-- Affected Vendors:
Apple
I could not duplicate this with either Chrome or Safari (which also uses
WebKit). I am using WinXP SP3 and Chrome v0.2.149.27 build 1538. I
wonder if this is instead an issue with your Windows installation
rendering the tool-tip for the title (which is default with browsers
using WebKit).
I tried varying values all the way up to 2147483647. Of course, the
* Nokia Mini Map Browser (S60WebKit <= 21772)
The tested device has the following User-Agent:
Mozilla/5.0 (SymbianOS/9.2;U;Series60/3.1 NokiaE90-1/210.34.75
Profile/MIDP-2.0 Configuration/CLDC-1.1) AppleWebKit/413 (KHTML)
Safari/413
Note: Although the Nokia Web Browser is built upon a port of the
open source WebKit used by Apple for its browser, the iPhone is not
affected (at least the iPhone firmware version 2.0.2(5C1))
ZDI-10-146: Apple Webkit Anchor Tag Mouse Click Event Dispatch Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-146
August 9, 2010
-- CVE ID:
CVE-2010-0048
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
3. *Vulnerability Description*
Apple Safari is the default web browser included on the Apple iPhone. A
vulnerability has been found in the 'WebKit' library used by Safari
on the iPhone. By inserting a special string into the 'alert()' JavaScript
method, it's possible to crash Safari via an outbound memory read
triggering an access violation.
The Apple Safari browser is prone to a denial of service vulnerability when parsing certain HTML content.
This is possible due to a failure in handling exceptional conditions. This issue is caused by a memory corruption error when handling JavaScript elements, which could be exploited by remote attackers to crash the browser by tricking a user into visiting a specially crafted web page.
This issue can NOT lead to remote code execution, so the potential security risk is rated low.
The exploit has been tested on Windows Vista SP2 with Safari 4.0.4 using the following user agent:
Mozilla/5.0 (Windows; U; Windows NT 6.0; de-DE) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Proof of Concept:
============
<script>
var overloadtag = "<marquee>";
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free
Vulnerability (CVE-2010-1392)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Safari is a web browser developed by Apple. As of February 2010,