Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.
CVSS Score
4.3
EPSS Score
0.006
Published
2009-06-10
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.
CVSS Score
4.3
EPSS Score
0.022
Published
2009-06-10
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
CVSS Score
2.1
EPSS Score
0.001
Published
2009-06-10
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.
CVSS Score
7.1
EPSS Score
0.007
Published
2009-06-10
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
CVSS Score
4.3
EPSS Score
0.003
Published
2009-06-10
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-06-10
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
CVSS Score
4.3
EPSS Score
0.02
Published
2009-06-10
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.
CVSS Score
4.3
EPSS Score
0.006
Published
2009-06-10
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVSS Score
9.3
EPSS Score
0.059
Published
2009-06-10
The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."
CVSS Score
9.3
EPSS Score
0.074
Published
2009-06-10