Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
CVSS Score
5.1
EPSS Score
0.029
Published
2005-08-19
Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
CVSS Score
5.0
EPSS Score
0.009
Published
2005-01-10
Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122.
CVSS Score
7.5
EPSS Score
0.01
Published
2005-01-10
The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array.
CVSS Score
5.0
EPSS Score
0.059
Published
2004-11-23
Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.
CVSS Score
5.0
EPSS Score
0.112
Published
2004-11-01
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
CVSS Score
7.5
EPSS Score
0.027
Published
2004-04-15
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
CVSS Score
5.0
EPSS Score
0.006
Published
2003-12-15
Page 147