
APPLE-SA-2010-11-18-1 Safari 5.0.3 and Safari 4.1.3

Posted on 18 November 2010
Apple Security-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2010-11-18-1 Safari 5.0.3 and Safari 4.1.3

Safari 5.0.3 and Safari 4.1.3 are now available and address the
following:

WebKit
CVE-ID: CVE-2010-3803
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow exists in WebKit's handling of
strings. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to J23
for reporting this issue.

WebKit
CVE-ID: CVE-2010-3804
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Websites may surreptitiously track users
Description: Safari generates random numbers for JavaScript
applications using a predictable algorithm. This may allow a website
to track a particular Safari session without using cookies, hidden
form elements, IP addresses, or other techniques. This update
addresses the issue by using a stronger random number generator.
Credit to Amit Klein of Trusteer for reporting this issue.

WebKit
CVE-ID: CVE-2010-1815
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
scrollbars. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory management. Credit to
thabermann for reporting this issue.

WebKit
CVE-ID: CVE-2010-3805
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An integer underflow exists in WebKit's handling of
WebSockets. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to Keith
Campbell, and Cris Neckar of Google Chrome Security Team for
reporting this issue.

WebKit
CVE-ID: CVE-2010-3259
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a malicious website may lead to the disclosure of
image data from another website
Description: A cross-origin issue exists in WebKit's handling of
images created from "canvas" elements. Visiting a malicious website
may lead to the disclosure of image data from another website. This
issue is addressed through improved tracking of security origins.
Credit to Isaac Dawson, and James Qiu of Microsoft and Microsoft
Vulnerability Research (MSVR) for reporting this issue.

WebKit
CVE-ID: CVE-2010-3808
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
editing commands. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved handling of editing
commands. Credit to wushi of team509 for reporting this issue.

WebKit
CVE-ID: CVE-2010-1812
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
selections. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory handling. Credit to
chipplyman for reporting this issue.

WebKit
CVE-ID: CVE-2010-3809
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
inline styling. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of inline styling.
Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for
reporting this issue.

WebKit
CVE-ID: CVE-2010-1814
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling
of form menus. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of form menus. Credit to
Csaba Osztrogonac of University of Szeged for reporting this issue.

WebKit
CVE-ID: CVE-2010-3810
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: A maliciously crafted website may be able to spoof the
address in the location bar or add arbitrary locations to the history
Description: A cross-origin issue exists in WebKit's handling of the
History object. A maliciously crafted website may be able to spoof
the address in the location bar or add arbitrary locations to the
history. This issue is addressed through improved tracking of
security origins. Credit to Mike Taylor of Opera Software for
reporting this issue.

WebKit
CVE-ID: CVE-2010-3811
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
element attributes. Visiting a maliciously crafted website may lead
to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory handling. Credit to
Michal Zalewski for reporting this issue.

WebKit
CVE-ID: CVE-2010-3812
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow exists in WebKit's handling of Text
objects. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to J23
working with TippingPoint's Zero Day Initiative for reporting this
issue.

WebKit
CVE-ID: CVE-2010-3813
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: WebKit may perform DNS prefetching even when it is disabled
Description: When WebKit encounters an HTML Link Element that
requests DNS prefetching, it will perform the operation even if
prefetching is disabled. This may result in undesired requests to
remote servers. As an example, the sender of an HTML-formatted email
message could use this to determine that the message was read. This
issue is addressed through improved handling of DNS prefetching
requests. Credit to Jeff Johnson of Rogue Amoeba Software for
reporting this issue.

WebKit
CVE-ID: CVE-2010-3116
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple use after free issues exist in WebKit's
handling of plug-ins. Visiting a maliciously crafted website may lead
to an unexpected application termination or arbitrary code execution.
These issues are addressed through improved memory handling.

WebKit
CVE-ID: CVE-2010-3257
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
element focus. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory management. Credit to
VUPEN Vulnerability Research Team for reporting this issue.

WebKit
CVE-ID: CVE-2010-3816
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
scrollbars. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory handling. Credit to Rohit
Makasana of Google Inc. for reporting this issue.

WebKit
CVE-ID: CVE-2010-3817
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
CSS 3D transforms. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved handling of CSS 3D
transforms. Credit to Abhishek Arya (Inferno) of Google Chrome
Security Team for reporting this issue.

WebKit
CVE-ID: CVE-2010-3818
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
inline text boxes. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory handling. Credit to
Abhishek Arya (Inferno) of Google Chrome Security Team for reporting
this issue.

WebKit
CVE-ID: CVE-2010-3819
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
CSS boxes. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of CSS boxes. Credit to
Abhishek Arya (Inferno) of Google Chrome Security Team for reporting
this issue.

WebKit
CVE-ID: CVE-2010-3820
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in WebKit's
handling of editable elements. Visiting a maliciously crafted website
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of
editable elements. Credit: Apple.

WebKit
CVE-ID: CVE-2010-1813
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's rendering
of HTML object outlines. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved memory
management. Credit to Jose A. Vazquez of spa-s3c.blogspot.com for
reporting this issue.

WebKit
CVE-ID: CVE-2010-3821
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling
of the ':first-letter' pseudo-element in cascading stylesheets.
Visiting a maliciously crafted website may lead to an unexpected
application termination or arbitrary code execution. This issue is
addressed through improved handling of the ':first-letter' pseudo-
element. Credit to Cris Neckar and Abhishek Arya (Inferno) of Google
Chrome Security Team for reporting this issue.

WebKit
CVE-ID: CVE-2010-3822
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized pointer issue exists in WebKit's
handling of CSS counter styles. Visiting a maliciously crafted
website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
handling of CSS counter styles. Credit to kuzzcc for reporting this
issue.

WebKit
CVE-ID: CVE-2010-3823
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
Geolocation objects. Visiting a maliciously crafted website may lead
to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory handling. Credit to
kuzzcc for reporting this issue.

WebKit
CVE-ID: CVE-2010-3824
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
"use" elements in SVG documents. Visiting a maliciously crafted
website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
memory handling. Credit to wushi of team509 for reporting this issue.

WebKit
CVE-ID: CVE-2010-1822
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
SVG elements in non-SVG documents. Visiting a maliciously crafted
website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
handling of SVG elements. Credit to wushi of team509 for reporting
this issue.

WebKit
CVE-ID: CVE-2010-3826
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4 or later, Mac OS X Server v10.6.4 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
colors in SVG documents. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of
colors in SVG documents. Credit to Abhishek Arya (Inferno) of Google
Chrome Security Team for reporting this issue.


Safari 5.0.3 and Safari 4.1.3 address the same set of security
issues. Safari 5.0.3 is provided for Mac OS X v10.5, Mac OS X v10.6,
and Windows systems. Safari 4.1.3 is provided for
Mac OS X v10.4 systems.

Safari 5.0.3 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/

Safari 4.1.3 is available via the Apple Software Update
application, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

Safari for Mac OS X v10.6.4 and later
The download file is named: Safari5.0.3SnowLeopard.dmg
Its SHA-1 digest is: 83e91419951bc0b58d09c82df94571b1cb03dda5

Safari for Mac OS X v10.5.8
The download file is named: Safari5.0.3Leopard.dmg
Its SHA-1 digest is: 32f56ef034fdb666448b15cab1ebab8d712afe21

Safari for Mac OS X v10.4.11
The download file is named: Safari4.1.3Tiger.dmg
Its SHA-1 digest is: c8fcfbe751fd6d01e483cc61233e8fb17382b6df

Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: a1d08e983476555688430f89b2252fa4d2be2df1

Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: d20ecb88756d60b34fac77579853ef139d2de0ed

Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 76e9c25613a29c460f9715e41aa121673bdae6be

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 
