Apple ≫ Safari

Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing ...

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a...

Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string com...

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an ...

Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contain...

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishi...