View Single Post
PKIDelirium
Veteran Member
 
Join Date: Oct 2005
 
2006-03-01, 16:59

Quote:
*

Safari

CVE-ID: CVE-2006-0390/CVE-2005-4504

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

Impact: Viewing a maliciously-crafted web page may result in arbitrary code execution

Description: A heap-based buffer overflow in WebKit's handling of certain HTML could allow a malicious web site to cause a crash or execute arbitrary code as the user viewing the site. This update addresses the issue by preventing the condition causing the overflow. Credit to Suresec LTD for reporting this issue.

*

Safari

CVE-ID: CVE-2006-0387

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

Impact: Viewing a malicious web page may cause arbitrary code execution

Description: By preparing a web page including specially-crafted JavaScript, an attacker may trigger a stack buffer overflow that could lead to arbitrary code execution with the privileges of the user. This update addresses the issue by performing additional bounds checking.

*

Safari

CVE-ID: CVE-2006-0388

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

Impact: Remote web sites can redirect to local resources, allowing JavaScript to execute in the local domain

Description: Safari's security model prevents remote resources from causing redirection to local resources. An issue involving HTTP redirection can cause the browser to access a local file, bypassing certain restrictions. This update addresses the issue by preventing cross-domain HTTP redirects.

*

Safari, LaunchServices

CVE-ID: CVE-2006-0394

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

Impact: Viewing a malicious web site may result in arbitrary code execution

Description: It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the "Open `safe' files after downloading" option is enabled in Safari's General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9).
It looks like they fixed it!
  quote