ID CVE-2012-3693
Summary Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs.
References
Vulnerable Configurations
  • Apple Safari 3.0.1 Beta
    cpe:2.3:a:apple:safari:3.0.1:beta
  • Apple Safari 4.0.3
    cpe:2.3:a:apple:safari:4.0.3
  • Apple Safari 3.2.1
    cpe:2.3:a:apple:safari:3.2.1
  • Apple Safari 5.0.4
    cpe:2.3:a:apple:safari:5.0.4
  • Apple Safari 3.2.1b for Windows
    cpe:2.3:a:apple:safari:3.2.1b:-:windows
  • Apple Safari 3.2.0b for Windows
    cpe:2.3:a:apple:safari:3.2.0b:-:windows
  • Apple Safari 3.1.2b for Windows
    cpe:2.3:a:apple:safari:3.1.2b:-:windows
  • Apple Safari 3.1.1b for Windows
    cpe:2.3:a:apple:safari:3.1.1b:-:windows
  • Apple Safari 4.0.0b
    cpe:2.3:a:apple:safari:4.0.0b
  • Apple Safari 3.2.2b for Windows
    cpe:2.3:a:apple:safari:3.2.2b:-:windows
  • Apple Safari 3.2.2
    cpe:2.3:a:apple:safari:3.2.2
  • Apple Safari 3.2.0
    cpe:2.3:a:apple:safari:3.2.0
  • Apple Safari 5.0
    cpe:2.3:a:apple:safari:5.0
  • Apple Safari 3
    cpe:2.3:a:apple:safari:3
  • Apple Safari 1.1.1
    cpe:2.3:a:apple:safari:1.1.1
  • Apple Safari 4.0.1
    cpe:2.3:a:apple:safari:4.0.1
  • Apple Safari 4.0
    cpe:2.3:a:apple:safari:4.0
  • Apple Safari 3.0.1
    cpe:2.3:a:apple:safari:3.0.1
  • Apple Safari 3.0
    cpe:2.3:a:apple:safari:3.0
  • Apple Safari 3.0.2
    cpe:2.3:a:apple:safari:3.0.2
  • Apple Safari 3.0.3
    cpe:2.3:a:apple:safari:3.0.3
  • Apple Safari 2.0
    cpe:2.3:a:apple:safari:2.0
  • Apple Safari 2.0.1
    cpe:2.3:a:apple:safari:2.0.1
  • Apple Safari 2.0.2
    cpe:2.3:a:apple:safari:2.0.2
  • Apple Safari 2.0.3
    cpe:2.3:a:apple:safari:2.0.3
  • Apple Safari 2.0.4
    cpe:2.3:a:apple:safari:2.0.4
  • Apple Safari 1.3.2
    cpe:2.3:a:apple:safari:1.3.2
  • Apple Safari 3.1.2
    cpe:2.3:a:apple:safari:3.1.2
  • Apple Safari 1.2
    cpe:2.3:a:apple:safari:1.2
  • Apple Safari 1.2.1
    cpe:2.3:a:apple:safari:1.2.1
  • Apple Safari 1.2.2
    cpe:2.3:a:apple:safari:1.2.2
  • Apple Safari 1.2.3
    cpe:2.3:a:apple:safari:1.2.3
  • Apple Safari 1.2.4
    cpe:2.3:a:apple:safari:1.2.4
  • Apple Safari 1.2.5
    cpe:2.3:a:apple:safari:1.2.5
  • Apple Safari 1.3
    cpe:2.3:a:apple:safari:1.3
  • Apple Safari 1.3.1
    cpe:2.3:a:apple:safari:1.3.1
  • Apple Safari 4.0.5
    cpe:2.3:a:apple:safari:4.0.5
  • Apple Safari 1.1
    cpe:2.3:a:apple:safari:1.1
  • Apple Safari 4.0.2
    cpe:2.3:a:apple:safari:4.0.2
  • Apple Safari 1.0 Beta2
    cpe:2.3:a:apple:safari:1.0:beta2
  • Apple Safari 1.0 Beta
    cpe:2.3:a:apple:safari:1.0:beta
  • Apple Safari 1.0
    cpe:2.3:a:apple:safari:1.0
  • Apple Safari 5.1.1
    cpe:2.3:a:apple:safari:5.1.1
  • Apple Safari 4.0.4
    cpe:2.3:a:apple:safari:4.0.4
  • Apple Safari 3.0.4
    cpe:2.3:a:apple:safari:3.0.4
  • Apple Safari 3.1.1
    cpe:2.3:a:apple:safari:3.1.1
  • Apple Safari 5.0.1
    cpe:2.3:a:apple:safari:5.0.1
  • Apple Safari 1.0.3 85.8
    cpe:2.3:a:apple:safari:1.0.3:85.8
  • Apple Safari 1.0.3 85.8.1
    cpe:2.3:a:apple:safari:1.0.3:85.8.1
  • Apple Safari 2.0.3 417.9.2
    cpe:2.3:a:apple:safari:2.0.3:417.9.2
  • Apple Safari 2.0.3 417.9.3
    cpe:2.3:a:apple:safari:2.0.3:417.9.3
  • Apple Safari 2.0.3 417.8
    cpe:2.3:a:apple:safari:2.0.3:417.8
  • Apple Safari 4.1
    cpe:2.3:a:apple:safari:4.1
  • Apple Safari 2.0.3 417.9
    cpe:2.3:a:apple:safari:2.0.3:417.9
  • Apple Safari 1.3.2 312.5
    cpe:2.3:a:apple:safari:1.3.2:312.5
  • Apple Safari 1.3.2 312.6
    cpe:2.3:a:apple:safari:1.3.2:312.6
  • Apple Safari 5.0.5
    cpe:2.3:a:apple:safari:5.0.5
  • Apple Safari 4 Beta
    cpe:2.3:a:apple:safari:4.0:beta
  • Apple Safari 4.1.1
    cpe:2.3:a:apple:safari:4.1.1
  • Apple Safari 5.0.2
    cpe:2.3:a:apple:safari:5.0.2
  • Apple Safari 4.1.2
    cpe:2.3:a:apple:safari:4.1.2
  • Apple Safari 2
    cpe:2.3:a:apple:safari:2
  • Apple Safari 1.0.0
    cpe:2.3:a:apple:safari:1.0.0
  • Apple Safari 1.0.3
    cpe:2.3:a:apple:safari:1.0.3
  • Apple Safari 1.3.0
    cpe:2.3:a:apple:safari:1.3.0
  • Apple Safari 1.2.0
    cpe:2.3:a:apple:safari:1.2.0
  • Apple Safari 1.1.0
    cpe:2.3:a:apple:safari:1.1.0
  • Apple Safari 1.0b1 for Mac OS X
    cpe:2.3:a:apple:safari:1.0b1:-:mac
  • Apple Safari 1.0.2
    cpe:2.3:a:apple:safari:1.0.2
  • Apple Safari 1.0.1
    cpe:2.3:a:apple:safari:1.0.1
  • Apple Safari 1.0.0b2
    cpe:2.3:a:apple:safari:1.0.0b2
  • Apple Safari 1.0.0b1
    cpe:2.3:a:apple:safari:1.0.0b1
  • Apple Safari 3.0.1b
    cpe:2.3:a:apple:safari:3.0.1b
  • Apple Safari 3.0.1 for Mac OS X
    cpe:2.3:a:apple:safari:3.0.1:-:mac
  • Apple Safari 3.0.0b for Windows
    cpe:2.3:a:apple:safari:3.0.0b:-:windows
  • Apple Safari 3.0.0b
    cpe:2.3:a:apple:safari:3.0.0b
  • Apple Safari 3.0.0 for Mac OS X
    cpe:2.3:a:apple:safari:3.0.0:-:mac
  • Apple Safari 3.0.0
    cpe:2.3:a:apple:safari:3.0.0
  • Apple Safari 2.0.4 for Mac OS X
    cpe:2.3:a:apple:safari:2.0.4:-:mac
  • Apple Safari 2.0.0
    cpe:2.3:a:apple:safari:2.0.0
  • Apple Safari 3.0.3 for Mac OS X
    cpe:2.3:a:apple:safari:3.0.3:-:mac
  • Apple Safari 3.0.3b
    cpe:2.3:a:apple:safari:3.0.3b
  • Apple Safari 3.0.3b for Windows
    cpe:2.3:a:apple:safari:3.0.3b:-:windows
  • Apple Safari 3.0.4 for Mac OS X
    cpe:2.3:a:apple:safari:3.0.4:-:mac
  • Apple Safari 3.0.1b for Windows
    cpe:2.3:a:apple:safari:3.0.1b:-:windows
  • Apple Safari 3.0.2 for Mac OS X
    cpe:2.3:a:apple:safari:3.0.2:-:mac
  • Apple Safari 3.0.2b
    cpe:2.3:a:apple:safari:3.0.2b
  • Apple Safari 3.0.2b for Windows
    cpe:2.3:a:apple:safari:3.0.2b:-:windows
  • Apple Safari 5.0.6
    cpe:2.3:a:apple:safari:5.0.6
  • Apple Safari 3.1.0b
    cpe:2.3:a:apple:safari:3.1.0b
  • Apple Safari 3.1.0b for Windows
    cpe:2.3:a:apple:safari:3.1.0b:-:windows
  • Apple Safari 5.1
    cpe:2.3:a:apple:safari:5.1
  • Apple Safari 3.0.4b
    cpe:2.3:a:apple:safari:3.0.4b
  • Apple Safari 3.0.4b for Windows
    cpe:2.3:a:apple:safari:3.0.4b:-:windows
  • Apple Safari 3.1.0
    cpe:2.3:a:apple:safari:3.1.0
  • Apple Safari 3.1.0 for Mac OS X
    cpe:2.3:a:apple:safari:3.1.0:-:mac
  • Apple Safari 5.1.2
    cpe:2.3:a:apple:safari:5.1.2
  • Apple Safari 5.1.7
    cpe:2.3:a:apple:safari:5.1.7
  • Apple Safari 5.1.5
    cpe:2.3:a:apple:safari:5.1.5
  • Apple Safari 5.1.4
    cpe:2.3:a:apple:safari:5.1.4
  • Apple Safari 5.1.6
    cpe:2.3:a:apple:safari:5.1.6
  • Apple Safari 5.1.3
    cpe:2.3:a:apple:safari:5.1.3
CVSS
Base: 5.0 (as of 26-07-2012 - 10:26)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
nessus via4
NASL family MacOS X Local Security Checks
NASL id MACOSX_SAFARI6_0.NASL
description The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0. It is, therefore, potentially affected by several issues:
  • An unspecified cross-site scripting issue exists. (CVE-2012-0678)
  • An error in the handling of 'feed://' URLs can allow local files to be disclosed to remote servers. (CVE-2012-0679)
  • Password input elements are auto completed even when a webpage specifically forbids it. (CVE-2012-0680)
  • A cross-site scripting issue exists due to improper handling of the HTTP 'Content-Disposition' header value of 'attachment'. (CVE-2011-3426)
  • Numerous issues exist in WebKit. (CVE-2011-2845, CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3032, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3050, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3076, CVE-2011-3078, CVE-2011-3081, CVE-2011-3086, CVE-2011-3089, CVE-2011-3090, CVE-2011-3913, CVE-2011-3924, CVE-2011-3926, CVE-2011-3958, CVE-2011-3966, CVE-2011-3968, CVE-2011-3969, CVE-2011-3971, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-1521, CVE-2012-2815, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3599, CVE-2012-3600, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3615, CVE-2012-3618, CVE-2012-3620, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3650, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3674, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, CVE-2012-3683, CVE-2012-3686, CVE-2012-3689, CVE-2012-3690, CVE-2012-3691, CVE-2012-3693, CVE-2012-3694, CVE-2012-3695, CVE-2012-3696, CVE-2012-3697)
last seen 2019-02-21
modified 2018-07-14
plugin id 60127
published 2012-07-26
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=60127
title Mac OS X : Apple Safari < 6.0 Multiple Vulnerabilities
refmap via4
apple
  • APPLE-SA-2012-07-25-1
  • APPLE-SA-2012-09-19-1
confirm
Last major update 21-09-2012 - 23:35
Published 25-07-2012 - 15:55