cvelistv5 - cve-2009-1707

CVE-2009-1707 (GCVE-0-2009-1707)

Vulnerability from cvelistv5

Published

2009-06-10 17:37

Modified

2024-08-07 05:20

Severity ?

CWE

Summary

Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.

References

URL

Tags

cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
cve@mitre.org	http://osvdb.org/55012
cve@mitre.org	http://secunia.com/advisories/35379	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/42314
cve@mitre.org	http://support.apple.com/kb/HT3613	Patch, Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT4456
cve@mitre.org	http://www.securityfocus.com/bid/35260	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/35352
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1522	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2010/3046
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/55012
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35379	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42314
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3613	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4456
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35260	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35352
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1522	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3046

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:20:35.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2009-06-08-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
          },
          {
            "name": "ADV-2010-3046",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3046"
          },
          {
            "name": "35260",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35260"
          },
          {
            "name": "ADV-2009-1522",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1522"
          },
          {
            "name": "35352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35352"
          },
          {
            "name": "35379",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35379"
          },
          {
            "name": "42314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42314"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4456"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3613"
          },
          {
            "name": "APPLE-SA-2010-11-22-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
          },
          {
            "name": "55012",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/55012"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-06-19T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "APPLE-SA-2009-06-08-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
        },
        {
          "name": "ADV-2010-3046",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3046"
        },
        {
          "name": "35260",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35260"
        },
        {
          "name": "ADV-2009-1522",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1522"
        },
        {
          "name": "35352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35352"
        },
        {
          "name": "35379",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35379"
        },
        {
          "name": "42314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42314"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4456"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3613"
        },
        {
          "name": "APPLE-SA-2010-11-22-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
        },
        {
          "name": "55012",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/55012"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1707",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2009-06-08-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
            },
            {
              "name": "ADV-2010-3046",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3046"
            },
            {
              "name": "35260",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35260"
            },
            {
              "name": "ADV-2009-1522",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1522"
            },
            {
              "name": "35352",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35352"
            },
            {
              "name": "35379",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35379"
            },
            {
              "name": "42314",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42314"
            },
            {
              "name": "http://support.apple.com/kb/HT4456",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4456"
            },
            {
              "name": "http://support.apple.com/kb/HT3613",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3613"
            },
            {
              "name": "APPLE-SA-2010-11-22-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
            },
            {
              "name": "55012",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/55012"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1707",
    "datePublished": "2009-06-10T17:37:00",
    "dateReserved": "2009-05-20T00:00:00",
    "dateUpdated": "2024-08-07T05:20:35.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1707\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-06-10T18:00:00.687\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Condici\u00f3n de carrera en la implementaci\u00f3n de \\\"Reset Safari\\\" en Apple Safari anteriores a la v4.0 en Windows permitir\u00eda a usuarios locales leer contrase\u00f1as web a trav\u00e9s de vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":1.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":1.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*\",\"versionEndIncluding\":\"3.2.3\",\"matchCriteriaId\":\"F1F650EC-4778-4233-9CF5-2B809CE4C799\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"A588615E-EE35-4E19-8BDA-598ED9664686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"3E61C168-482B-412A-97E8-B1C651797EDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"32024B14-B4F7-466E-AEF2-0D3A7E8E1060\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"D137F48A-E670-4BDB-B003-C6BB2A33F250\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"85AB4EDB-408D-4D2F-95BE-B578455EFA4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"0B256D38-257B-4C3D-9EA5-2255BF3A329C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"158AEA23-B5DB-4CBC-8391-2D97233A8E9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"218FBDC4-29AF-4BA1-A3FE-4E19B0E3E654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"905F4A8A-49EE-40EB-983C-72C4AFBD98DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"BDE11F09-3D57-4CF0-8165-90FB234CC403\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"99118352-6845-4704-B4A3-F98E8C06E0FD\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/55012\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35379\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/42314\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT3613\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4456\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/35260\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/35352\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1522\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3046\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/55012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/42314\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3613\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/35260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/35352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2010-AVI-565

Vulnerability from certfr_avis

De multiples vulnérabilités affectent Apple iOS. Certaines permettent l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Apple iOS, notamment dans :

Configuration Profiles ;
CoreGraphics ;
FreeType ;
iAd Content Display ;
ImageIO ;
libxml ;
Mail ;
Networking ;
OfficeImport ;
Photos ;
Safari ;
Telephony ;
WebKit.

Parmi ces vulnérabilités, certaines permettent l'exécution de code arbitraire à distance, des dénis de service à distance ainsi que l'atteinte à la confidentialité des données sur les produits Apple embarquant le système d'exploitation iOS.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iOS versions 4.1 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4456 du 22 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cSPAN class=\"textit\"\u003eApple iOS\u003c/SPAN\u003e  versions 4.1 et ant\u00e9rieures.",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Apple iOS, notamment dans :\n\n-   Configuration Profiles ;\n-   CoreGraphics ;\n-   FreeType ;\n-   iAd Content Display ;\n-   ImageIO ;\n-   libxml ;\n-   Mail ;\n-   Networking ;\n-   OfficeImport ;\n-   Photos ;\n-   Safari ;\n-   Telephony ;\n-   WebKit.\n\nParmi ces vuln\u00e9rabilit\u00e9s, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, des d\u00e9nis de service \u00e0 distance ainsi que\nl\u0027atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es sur les produits Apple\nembarquant le syst\u00e8me d\u0027exploitation iOS.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1408"
    },
    {
      "name": "CVE-2010-1407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1407"
    },
    {
      "name": "CVE-2010-1784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1784"
    },
    {
      "name": "CVE-2010-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1791"
    },
    {
      "name": "CVE-2010-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1782"
    },
    {
      "name": "CVE-2010-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1387"
    },
    {
      "name": "CVE-2010-1822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1822"
    },
    {
      "name": "CVE-2010-3821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3821"
    },
    {
      "name": "CVE-2010-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3824"
    },
    {
      "name": "CVE-2010-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1418"
    },
    {
      "name": "CVE-2010-3832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3832"
    },
    {
      "name": "CVE-2010-3819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3819"
    },
    {
      "name": "CVE-2010-3804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3804"
    },
    {
      "name": "CVE-2010-1403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1403"
    },
    {
      "name": "CVE-2010-1770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1770"
    },
    {
      "name": "CVE-2010-3822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3822"
    },
    {
      "name": "CVE-2010-3259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3259"
    },
    {
      "name": "CVE-2010-1414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1414"
    },
    {
      "name": "CVE-2010-3813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3813"
    },
    {
      "name": "CVE-2010-1807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1807"
    },
    {
      "name": "CVE-2010-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3803"
    },
    {
      "name": "CVE-2010-3812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3812"
    },
    {
      "name": "CVE-2010-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3831"
    },
    {
      "name": "CVE-2009-1707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1707"
    },
    {
      "name": "CVE-2010-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
    },
    {
      "name": "CVE-2010-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1771"
    },
    {
      "name": "CVE-2010-3809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3809"
    },
    {
      "name": "CVE-2010-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3820"
    },
    {
      "name": "CVE-2010-1813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1813"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-3816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3816"
    },
    {
      "name": "CVE-2010-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1789"
    },
    {
      "name": "CVE-2010-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1764"
    },
    {
      "name": "CVE-2010-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1788"
    },
    {
      "name": "CVE-2010-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3826"
    },
    {
      "name": "CVE-2010-1410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1410"
    },
    {
      "name": "CVE-2010-3810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3810"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2010-3830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3830"
    },
    {
      "name": "CVE-2010-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3786"
    },
    {
      "name": "CVE-2010-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1793"
    },
    {
      "name": "CVE-2010-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1786"
    },
    {
      "name": "CVE-2010-0544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0544"
    },
    {
      "name": "CVE-2010-3829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3829"
    },
    {
      "name": "CVE-2010-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1785"
    },
    {
      "name": "CVE-2010-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1783"
    },
    {
      "name": "CVE-2010-1416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1416"
    },
    {
      "name": "CVE-2010-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3817"
    },
    {
      "name": "CVE-2010-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3814"
    },
    {
      "name": "CVE-2010-3808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3808"
    },
    {
      "name": "CVE-2010-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1394"
    },
    {
      "name": "CVE-2010-3116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3116"
    },
    {
      "name": "CVE-2010-1405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1405"
    },
    {
      "name": "CVE-2010-3805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3805"
    },
    {
      "name": "CVE-2010-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0051"
    },
    {
      "name": "CVE-2010-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1806"
    },
    {
      "name": "CVE-2010-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1757"
    },
    {
      "name": "CVE-2010-1422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1422"
    },
    {
      "name": "CVE-2010-3828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3828"
    },
    {
      "name": "CVE-2010-3827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3827"
    },
    {
      "name": "CVE-2010-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1758"
    },
    {
      "name": "CVE-2010-1843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1843"
    },
    {
      "name": "CVE-2010-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2808"
    },
    {
      "name": "CVE-2010-1781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1781"
    },
    {
      "name": "CVE-2010-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2805"
    },
    {
      "name": "CVE-2010-3818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3818"
    },
    {
      "name": "CVE-2010-1415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1415"
    },
    {
      "name": "CVE-2010-3053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3053"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2010-3257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3257"
    },
    {
      "name": "CVE-2010-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3823"
    },
    {
      "name": "CVE-2010-3054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3054"
    },
    {
      "name": "CVE-2010-1421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1421"
    },
    {
      "name": "CVE-2010-1417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1417"
    },
    {
      "name": "CVE-2010-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2806"
    },
    {
      "name": "CVE-2010-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3811"
    },
    {
      "name": "CVE-2010-1812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1812"
    },
    {
      "name": "CVE-2010-1811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1811"
    },
    {
      "name": "CVE-2010-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1392"
    },
    {
      "name": "CVE-2010-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1780"
    },
    {
      "name": "CVE-2010-1814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1814"
    },
    {
      "name": "CVE-2010-1815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1815"
    },
    {
      "name": "CVE-2010-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1787"
    },
    {
      "name": "CVE-2010-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2807"
    },
    {
      "name": "CVE-2010-1384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1384"
    }
  ],
  "initial_release_date": "2010-11-24T00:00:00",
  "last_revision_date": "2010-11-24T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-565",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent \u003cspan class=\"textit\"\u003eApple\niOS\u003c/span\u003e. Certaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4456 du 22 novembre 2010",
      "url": "http://support.apple.com/kb/HT4456"
    }
  ]
}

CERTA-2009-AVI-223

Vulnerability from certfr_avis

De multiples vulnérabilités dans Apple Safari permettant, entre autre, l'exécution de code arbitraire à distance ont été corrigées.

Description

De multiples vulnérabilités dans Apple Safari ont été corrigées dont :

Des images identifiées comme des fichiers HTML permettent l'exécution automatique de Javascript ;
plusieurs corruptions mémoire affectant le composant CoreGraphics permettent l'exécution de code arbitraire (Microsoft Windows) à distance ;
plusieurs vulnérabilités affectent le composant WebKit et permettent, entre autre, des attaques en XSS ou l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions de Safari antérieures à 4.0 pour les systèmes d'exploitation suivants :

Mac OS X 10.4.x ;
Mac OS X 10.5.x ;
Mac OS X Server 10.4.x ;
Mac OS X Server 10.5.x ;
Windows XP ;
Windows Vista.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3613 du 8 juin 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3613 du 08 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes versions de Safari ant\u00e9rieures \u00e0  4.0 pour les syst\u00e8mes d\u0027exploitation suivants :  \u003cUL\u003e    \u003cLI\u003eMac OS X 10.4.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X 10.5.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X Server 10.4.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X Server 10.5.x ;\u003c/LI\u003e    \u003cLI\u003eWindows XP ;\u003c/LI\u003e    \u003cLI\u003eWindows Vista.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans Apple Safari ont \u00e9t\u00e9 corrig\u00e9es dont :\n\n-   Des images identifi\u00e9es comme des fichiers HTML permettent\n    l\u0027ex\u00e9cution automatique de Javascript ;\n-   plusieurs corruptions m\u00e9moire affectant le composant CoreGraphics\n    permettent l\u0027ex\u00e9cution de code arbitraire (Microsoft Windows) \u00e0\n    distance ;\n-   plusieurs vuln\u00e9rabilit\u00e9s affectent le composant WebKit et\n    permettent, entre autre, des attaques en XSS ou l\u0027ex\u00e9cution de code\n    arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2783"
    },
    {
      "name": "CVE-2009-1702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1702"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2009-1697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1697"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-1710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1710"
    },
    {
      "name": "CVE-2009-1694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1694"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2009-1686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1686"
    },
    {
      "name": "CVE-2009-1688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1688"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2009-1685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1685"
    },
    {
      "name": "CVE-2009-1696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1696"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2009-1707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1707"
    },
    {
      "name": "CVE-2009-1709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1709"
    },
    {
      "name": "CVE-2009-1708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1708"
    },
    {
      "name": "CVE-2009-1704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1704"
    },
    {
      "name": "CVE-2009-1698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1698"
    },
    {
      "name": "CVE-2009-1701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1701"
    },
    {
      "name": "CVE-2009-1682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1682"
    },
    {
      "name": "CVE-2009-1693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1693"
    },
    {
      "name": "CVE-2009-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1684"
    },
    {
      "name": "CVE-2009-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1705"
    },
    {
      "name": "CVE-2009-1703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1703"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2009-1712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1712"
    },
    {
      "name": "CVE-2009-1714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1714"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2009-1695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1695"
    },
    {
      "name": "CVE-2008-3632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3632"
    },
    {
      "name": "CVE-2009-1681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1681"
    },
    {
      "name": "CVE-2009-1718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1718"
    },
    {
      "name": "CVE-2008-1588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1588"
    },
    {
      "name": "CVE-2008-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4409"
    },
    {
      "name": "CVE-2009-1691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1691"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2009-1179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1179"
    },
    {
      "name": "CVE-2009-1689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1689"
    },
    {
      "name": "CVE-2009-1687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1687"
    },
    {
      "name": "CVE-2009-1713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1713"
    },
    {
      "name": "CVE-2009-1699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1699"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-1716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1716"
    },
    {
      "name": "CVE-2009-1706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1706"
    },
    {
      "name": "CVE-2009-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1700"
    },
    {
      "name": "CVE-2009-1690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1690"
    },
    {
      "name": "CVE-2008-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2321"
    },
    {
      "name": "CVE-2009-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1711"
    },
    {
      "name": "CVE-2008-4231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4231"
    },
    {
      "name": "CVE-2009-1715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1715"
    }
  ],
  "initial_release_date": "2009-06-10T00:00:00",
  "last_revision_date": "2009-06-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3613 du 08 juin 2009 :",
      "url": "http://support.apple.com/kb/HT3613"
    }
  ],
  "reference": "CERTA-2009-AVI-223",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple Safari permettant, entre autre,\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3613 du 8 juin 2009",
      "url": null
    }
  ]
}

fkie_cve-2009-1707

Vulnerability from fkie_nvd

Published

2009-06-10 18:00

Modified

2025-04-09 00:30

Severity ?

Summary

Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
cve@mitre.org	http://osvdb.org/55012
cve@mitre.org	http://secunia.com/advisories/35379	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/42314
cve@mitre.org	http://support.apple.com/kb/HT3613	Patch, Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT4456
cve@mitre.org	http://www.securityfocus.com/bid/35260	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/35352
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1522	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2010/3046
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/55012
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35379	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42314
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3613	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4456
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35260	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35352
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1522	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3046

Impacted products

Vendor	Product	Version
apple	safari	*
apple	safari	3.0
apple	safari	3.0.1
apple	safari	3.0.2
apple	safari	3.0.3
apple	safari	3.0.4
apple	safari	3.1
apple	safari	3.1.1
apple	safari	3.1.2
apple	safari	3.2
apple	safari	3.2.1
apple	safari	3.2.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*",
              "matchCriteriaId": "F1F650EC-4778-4233-9CF5-2B809CE4C799",
              "versionEndIncluding": "3.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*",
              "matchCriteriaId": "A588615E-EE35-4E19-8BDA-598ED9664686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "3E61C168-482B-412A-97E8-B1C651797EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "32024B14-B4F7-466E-AEF2-0D3A7E8E1060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*",
              "matchCriteriaId": "D137F48A-E670-4BDB-B003-C6BB2A33F250",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*",
              "matchCriteriaId": "85AB4EDB-408D-4D2F-95BE-B578455EFA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "0B256D38-257B-4C3D-9EA5-2255BF3A329C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "158AEA23-B5DB-4CBC-8391-2D97233A8E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "218FBDC4-29AF-4BA1-A3FE-4E19B0E3E654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "905F4A8A-49EE-40EB-983C-72C4AFBD98DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "BDE11F09-3D57-4CF0-8165-90FB234CC403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "99118352-6845-4704-B4A3-F98E8C06E0FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en la implementaci\u00f3n de \"Reset Safari\" en Apple Safari anteriores a la v4.0 en Windows permitir\u00eda a usuarios locales leer contrase\u00f1as web a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2009-1707",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.2,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-10T18:00:00.687",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/55012"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35379"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42314"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3613"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT4456"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35260"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35352"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1522"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/55012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/3046"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-w9g9-5q3r-qpxx

Vulnerability from github

Published

2022-05-02 03:27

Modified

2022-05-02 03:27

Details

Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1707"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-06-10T18:00:00Z",
    "severity": "LOW"
  },
  "details": "Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.",
  "id": "GHSA-w9g9-5q3r-qpxx",
  "modified": "2022-05-02T03:27:48Z",
  "published": "2022-05-02T03:27:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1707"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/55012"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35379"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42314"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3613"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4456"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35260"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35352"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1522"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/3046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2009-1707

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.

Aliases

CVE-2009-1707

Aliases

CVE-2009-1707

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1707",
    "description": "Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.",
    "id": "GSD-2009-1707"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1707"
      ],
      "details": "Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.",
      "id": "GSD-2009-1707",
      "modified": "2023-12-13T01:19:48.119900Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-1707",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2009-06-08-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
          },
          {
            "name": "ADV-2010-3046",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/3046"
          },
          {
            "name": "35260",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35260"
          },
          {
            "name": "ADV-2009-1522",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1522"
          },
          {
            "name": "35352",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35352"
          },
          {
            "name": "35379",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35379"
          },
          {
            "name": "42314",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42314"
          },
          {
            "name": "http://support.apple.com/kb/HT4456",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4456"
          },
          {
            "name": "http://support.apple.com/kb/HT3613",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3613"
          },
          {
            "name": "APPLE-SA-2010-11-22-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
          },
          {
            "name": "55012",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/55012"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1707"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT3613",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3613"
            },
            {
              "name": "ADV-2009-1522",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1522"
            },
            {
              "name": "APPLE-SA-2009-06-08-1",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
            },
            {
              "name": "35379",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/35379"
            },
            {
              "name": "35260",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/35260"
            },
            {
              "name": "35352",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/35352"
            },
            {
              "name": "55012",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/55012"
            },
            {
              "name": "APPLE-SA-2010-11-22-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4456",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4456"
            },
            {
              "name": "ADV-2010-3046",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/3046"
            },
            {
              "name": "42314",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42314"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.2,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2010-12-10T06:30Z",
      "publishedDate": "2009-06-10T18:00Z"
    }
  }
}

var-200901-0752

Vulnerability from variot

Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID: 35321 WebKit XML External Entity Information Disclosure Vulnerability 35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability 35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability 35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability 35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability 35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability 35317 WebKit Subframe Click Jacking Vulnerability 35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability 35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability 35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability 35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability 35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability 35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability 35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability 35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability 35272 WebKit Drag Event Remote Information Disclosure Vulnerability 35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability 33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability 35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability 35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability 35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability 35350 WebKit Java Applet Remote Code Execution Vulnerability 35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability 35348 WebKit Web Inspector Cross Site Scripting Vulnerability 35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability 35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability 35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability 35333 WebKit File Enumeration Information Disclosure Vulnerability 35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability 35332 WebKit 'about:blank' Security Bypass Vulnerability 35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability 35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability 35328 WebKit Frame Transition Cross Domain Scripting Vulnerability 35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability 35344 Apple Safari CFNetwork Script Injection Weakness 35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. Apple Safari is prone to a local information-disclosure vulnerability. A local attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista. NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Safari is the web browser bundled by default in the Apple family machine operating system. Apple Safari \"WebKit\" After hitting the \"Reset\" key of \"Reset Saved Names and Passwords\" in the \"Reset Safari\" menu option, Safari may take up to 30 seconds to clear the password. Users who have accessed the system during this window of time can access stored credentials. ----------------------------------------------------------------------

Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).

For more information: SA40257 SA41328 SA42151 SA42312

SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: Apple Safari Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA35379

VERIFY ADVISORY: http://secunia.com/advisories/35379/

DESCRIPTION: Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information or compromise a user's system.

1) An error in the handling of TrueType fonts can be exploited to corrupt memory when a user visits a web site embedding a specially crafted font.

Successful exploitation may allow execution of arbitrary code.

2) Some vulnerabilities in FreeType can potentially be exploited to compromise a user's system.

For more information: SA34723

3) Some vulnerabilities in libpng can potentially be exploited to compromise a user's system.

For more information: SA33970

4) An error in the processing of external entities in XML files can be exploited to read files from the user's system when a users visits a specially crafted web page.

Other vulnerabilities have also been reported of which some may also affect Safari version 3.x.

SOLUTION: Upgrade to Safari version 4, which fixes the vulnerabilities.

PROVIDED AND/OR DISCOVERED BY: 1-3) Tavis Ormandy 4) Chris Evans of Google Inc.

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3613

Chris Evans: http://scary.beasts.org/security/CESA-2009-006.html

OTHER REFERENCES: SA33970: http://secunia.com/advisories/33970/

SA34723: http://secunia.com/advisories/34723/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200901-0752",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.0 to  4.1 (iphone 3g after )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.1 to  4.1 (ipod touch (2nd generation) after )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.2 to  3.2.2 (ipad for )"
      },
      {
        "model": "ipad",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "iphone",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipod touch",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.4"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "35260"
      },
      {
        "db": "BID",
        "id": "35352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1707"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:ipad",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:iphone",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:ipod_touch",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sergio AlvarezBilly RiosBruce MortonMichael Hay",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-191"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1707",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 1.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 1.9,
            "id": "CVE-2009-1707",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 1.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 1.9,
            "id": "VHN-39153",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:H/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-1707",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-1707",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200906-191",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-39153",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2009-1707",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39153"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-1707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1707"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. \nNOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:\n35321 WebKit XML External Entity Information Disclosure Vulnerability\n35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability\n35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability\n35322 WebKit \u0027Canvas\u0027 HTML Element Image Capture Remote Information Disclosure Vulnerability\n35319 WebKit \u0027document.implementation\u0027 Cross Domain Scripting Vulnerability\n35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability\n35317 WebKit Subframe Click Jacking Vulnerability\n35318 WebKit CSS \u0027Attr\u0027 Function Remote Code Execution Vulnerability\n35315 WebKit JavaScript \u0027onload()\u0027 Event Cross Domain Scripting Vulnerability\n35310 WebKit \u0027Attr\u0027 DOM Objects Remote Code Execution Vulnerability\n35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability\n35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability\n35284 WebKit \u0027Document()\u0027 Function Remote Information Disclosure Vulnerability\n35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability\n35270 WebKit \u0027XMLHttpRequest\u0027 HTTP Response Splitting Vulnerability\n35272 WebKit Drag Event Remote Information Disclosure Vulnerability\n35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability\n33276 Multiple Browser JavaScript Engine \u0027Math.Random()\u0027 Cross Domain Information Disclosure Vulnerability\n35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability\n35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability\n35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability\n35350 WebKit Java Applet Remote Code Execution Vulnerability\n35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability\n35348 WebKit Web Inspector Cross Site Scripting Vulnerability\n35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability\n35351 Apple Safari \u0027open-help-anchor\u0027 URI Handler Remote Code Execution Vulnerability\n35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability\n35333 WebKit File Enumeration Information Disclosure Vulnerability\n35327 WebKit \u0027Location\u0027 and \u0027History\u0027 Objects Cross Site Scripting Vulnerability\n35332 WebKit \u0027about:blank\u0027 Security Bypass Vulnerability\n35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability\n35331 WebKit \u0027Canvas\u0027 SVG Image Capture Remote Information Disclosure Vulnerability\n35328 WebKit Frame Transition Cross Domain Scripting Vulnerability\n35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability\n35344 Apple Safari CFNetwork Script Injection Weakness\n35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. Apple Safari is prone to a local information-disclosure vulnerability. \nA local attacker can exploit this issue to obtain sensitive information that may aid in further attacks. \nThis issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista. \nNOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Safari is the web browser bundled by default in the Apple family machine operating system. Apple Safari \\\"WebKit\\\" After hitting the \\\"Reset\\\" key of \\\"Reset Saved Names and Passwords\\\" in the \\\"Reset Safari\\\" menu option, Safari may take up to 30 seconds to clear the password. Users who have accessed the system during this window of time can access stored credentials. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nFor more information:\nSA40257\nSA41328\nSA42151\nSA42312\n\nSOLUTION:\nUpgrade to iOS 4.2 (downloadable and installable via iTunes). ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Safari Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA35379\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/35379/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple Safari, which can be\nexploited by malicious people to disclose sensitive information or\ncompromise a user\u0027s system. \n\n1) An error in the handling of TrueType fonts can be exploited to\ncorrupt memory when a user visits a web site embedding a specially\ncrafted font. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n2) Some vulnerabilities in FreeType can potentially be exploited to\ncompromise a user\u0027s system. \n\nFor more information:\nSA34723\n\n3) Some vulnerabilities in libpng can potentially be exploited to\ncompromise a user\u0027s system. \n\nFor more information:\nSA33970\n\n4) An error in the processing of external entities in XML files can\nbe exploited to read files from the user\u0027s system when a users visits\na specially crafted web page. \n\nOther vulnerabilities have also been reported of which some may also\naffect Safari version 3.x. \n\nSOLUTION:\nUpgrade to Safari version 4, which fixes the vulnerabilities. \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) Tavis Ormandy\n4) Chris Evans of Google Inc. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT3613\n\nChris Evans:\nhttp://scary.beasts.org/security/CESA-2009-006.html\n\nOTHER REFERENCES:\nSA33970:\nhttp://secunia.com/advisories/33970/\n\nSA34723:\nhttp://secunia.com/advisories/34723/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      },
      {
        "db": "BID",
        "id": "35260"
      },
      {
        "db": "BID",
        "id": "35352"
      },
      {
        "db": "VULHUB",
        "id": "VHN-39153"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-1707"
      },
      {
        "db": "PACKETSTORM",
        "id": "96086"
      },
      {
        "db": "PACKETSTORM",
        "id": "78192"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "35352",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1707",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "35379",
        "trust": 2.7
      },
      {
        "db": "OSVDB",
        "id": "55012",
        "trust": 2.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1522",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "35260",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "42314",
        "trust": 1.3
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3046",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001748",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-191",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2009-06-08-1",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-033",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-034",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-39153",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2009/1522",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2010/3046",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-1707",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "96086",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "78192",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39153"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-1707"
      },
      {
        "db": "BID",
        "id": "35260"
      },
      {
        "db": "BID",
        "id": "35352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      },
      {
        "db": "PACKETSTORM",
        "id": "96086"
      },
      {
        "db": "PACKETSTORM",
        "id": "78192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1707"
      }
    ]
  },
  "id": "VAR-200901-0752",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39153"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:55:57.372000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT3613",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3613"
      },
      {
        "title": "HT4456",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4456"
      },
      {
        "title": "HT3613",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3613?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39153"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1707"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.securityfocus.com/bid/35352"
      },
      {
        "trust": 2.6,
        "url": "http://osvdb.org/55012"
      },
      {
        "trust": 2.6,
        "url": "http://secunia.com/advisories/35379"
      },
      {
        "trust": 2.6,
        "url": "http://www.vupen.com/english/advisories/2009/1522"
      },
      {
        "trust": 1.9,
        "url": "http://support.apple.com/kb/ht3613"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/35260"
      },
      {
        "trust": 1.3,
        "url": "http://support.apple.com/kb/ht4456"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00003.html"
      },
      {
        "trust": 1.2,
        "url": "http://secunia.com/advisories/42314"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2010/3046"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1707"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1707"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-034/"
      },
      {
        "trust": 0.4,
        "url": "http://scary.beasts.org/security/cesa-2009-006.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-033/"
      },
      {
        "trust": 0.3,
        "url": "http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/download/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/362.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=18449"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42314/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42314/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42314"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35379/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/33970/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/34723/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39153"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-1707"
      },
      {
        "db": "BID",
        "id": "35260"
      },
      {
        "db": "BID",
        "id": "35352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      },
      {
        "db": "PACKETSTORM",
        "id": "96086"
      },
      {
        "db": "PACKETSTORM",
        "id": "78192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1707"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-39153"
      },
      {
        "db": "VULMON",
        "id": "CVE-2009-1707"
      },
      {
        "db": "BID",
        "id": "35260"
      },
      {
        "db": "BID",
        "id": "35352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      },
      {
        "db": "PACKETSTORM",
        "id": "96086"
      },
      {
        "db": "PACKETSTORM",
        "id": "78192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1707"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-06-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-39153"
      },
      {
        "date": "2009-06-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2009-1707"
      },
      {
        "date": "2009-06-08T00:00:00",
        "db": "BID",
        "id": "35260"
      },
      {
        "date": "2009-06-08T00:00:00",
        "db": "BID",
        "id": "35352"
      },
      {
        "date": "2009-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      },
      {
        "date": "2010-11-24T11:53:31",
        "db": "PACKETSTORM",
        "id": "96086"
      },
      {
        "date": "2009-06-10T12:30:42",
        "db": "PACKETSTORM",
        "id": "78192"
      },
      {
        "date": "2009-01-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200906-191"
      },
      {
        "date": "2009-06-10T18:00:00.687000",
        "db": "NVD",
        "id": "CVE-2009-1707"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-12-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-39153"
      },
      {
        "date": "2010-12-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2009-1707"
      },
      {
        "date": "2009-06-12T22:19:00",
        "db": "BID",
        "id": "35260"
      },
      {
        "date": "2010-11-22T17:56:00",
        "db": "BID",
        "id": "35352"
      },
      {
        "date": "2010-12-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      },
      {
        "date": "2009-06-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200906-191"
      },
      {
        "date": "2024-11-21T01:03:09.203000",
        "db": "NVD",
        "id": "CVE-2009-1707"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "35352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-191"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari of\" Safari \u201dReset\u201d vulnerability for reading stored website passwords",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001748"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competitive condition",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-191"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-1707 (GCVE-0-2009-1707)

Vulnerability from cvelistv5

CERTA-2010-AVI-565

Vulnerability from certfr_avis

Description

Solution

CERTA-2009-AVI-223

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2009-1707

Vulnerability from fkie_nvd

ghsa-w9g9-5q3r-qpxx

Vulnerability from github

gsd-2009-1707

Vulnerability from gsd

var-200901-0752

Vulnerability from variot

Tags

Sightings

Nomenclature