vendor:
Safari
by:
Jeremy Brown
7.8
CVSS
HIGH
Denial-of-Service
400
CWE
Product Name: Safari
Affected Version From: 3.2
Affected Version To: 3.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:apple:safari
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows Vista, iOS 4.0.1
2010
Apple Safari WebKit Denial-of-Service Vulnerability
Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library. Remote attackers can exploit this issue to crash the affected browser, resulting in a denial-of-service condition. Apple Safari 3.2 running on Microsoft Windows Vista is vulnerable; other versions running on different platforms may also be affected. Note (December 20, 2010): Safari on iOS 4.0.1 is also vulnerable. A proof-of-concept exploit is available that uses a malicious HTML file to trigger the vulnerability.
Mitigation:
Upgrade to the latest version of Safari to mitigate this vulnerability.