The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE.
CVSS Score
5.0
EPSS Score
0.014
Published
2006-04-21
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
CVSS Score
5.0
EPSS Score
0.038
Published
2006-03-31
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-12-31
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
CVSS Score
7.8
EPSS Score
0.218
Published
2005-12-22
Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.
CVSS Score
7.8
EPSS Score
0.007
Published
2005-11-29
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-10-26
Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL.
CVSS Score
5.0
EPSS Score
0.045
Published
2005-09-21
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
CVSS Score
7.5
EPSS Score
0.011
Published
2005-08-19
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
CVSS Score
2.6
EPSS Score
0.003
Published
2005-08-19
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
CVSS Score
5.1
EPSS Score
0.029
Published
2005-08-19