Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.
CVSS Score
5.0
EPSS Score
0.003
Published
2012-07-25
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-07-25
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property.
CVSS Score
4.3
EPSS Score
0.004
Published
2012-07-25
CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-07-25
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise.
CVSS Score
7.1
EPSS Score
0.001
Published
2012-07-25
WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
CVSS Score
4.3
EPSS Score
0.005
Published
2012-07-25
Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.
CVSS Score
4.3
EPSS Score
0.002
Published
2012-07-25
Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.
CVSS Score
4.3
EPSS Score
0.002
Published
2012-07-25
Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
CVSS Score
5.0
EPSS Score
0.005
Published
2012-07-25
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.007
Published
2012-05-11