CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4424
https://notcve.org/view.php?id=CVE-2007-4424
18 Aug 2007 — Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content. Apple Safari... • http://securityreason.com/securityalert/3022 •
CVSS: 8.1EPSS: 2%CPEs: 4EXPL: 0CVE-2007-2408
https://notcve.org/view.php?id=CVE-2007-2408
03 Aug 2007 — WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. WebKit en Apple Safari 3 Beta anterior al Update 3.0.3 no reconoce adecuadamente una configuración desactivada para "Habilitar Java", lo cual permite a atacantes remotos ejecutar applets Java a través de una página web manipulada. • http://docs.info.apple.com/article.html?artnum=306174 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2007-3742
https://notcve.org/view.php?id=CVE-2007-3742
03 Aug 2007 — WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks. WEbKit en Apple Safari 3 Beta anterior al Update 3.0.3, y iPhone anterior a 1.0.1, no maneja adecuadamente la interacción entre el soporte para Nombres de Dominio Internacionales (International D... • http://docs.info.apple.com/article.html?artnum=306173 • CWE-16: Configuration CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3743
https://notcve.org/view.php?id=CVE-2007-3743
03 Aug 2007 — Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title. Desbordamiento de búfer basado en pila en la gestión de marcadores de Apple Safari 3 Beta anterior a la actualización 3.0.3 en Windows permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio (caída de la aplicación) o ejecu... • http://docs.info.apple.com/article.html?artnum=306174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 35%CPEs: 3EXPL: 0CVE-2007-3944
https://notcve.org/view.php?id=CVE-2007-3944
23 Jul 2007 — Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifie... • http://docs.info.apple.com/article.html?artnum=306173 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3718
https://notcve.org/view.php?id=CVE-2007-3718
12 Jul 2007 — Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher. Múltiples vulnerabilidades no especificadas en el motor de análisis SVG de Apple Safari 3 Beta para Windows tienen vectores de ataque remotos e impacto no especificados. NOTA: esta notificación no contiene información concreta, pero ha sido divulgado por un invest... • http://osvdb.org/38858 •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3514
https://notcve.org/view.php?id=CVE-2007-3514
03 Jul 2007 — Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. Vulnerabilidad de dominio cruzado en Apple Safari para Windows 3.0.2 permite a atacantes remotos evitar la Política de Mismo Origen y acceder a información restringida de otros... • http://osvdb.org/38861 •
CVSS: 9.3EPSS: 4%CPEs: 2EXPL: 1CVE-2007-3376
https://notcve.org/view.php?id=CVE-2007-3376
25 Jun 2007 — Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark. Desbordamiento de búfer en Apple Safari 3.0.2 en Windows XP SP2 permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante un valor lar... • http://marc.info/?l=full-disclosure&m=118278848816602&w=2 •
CVSS: 4.7EPSS: 1%CPEs: 6EXPL: 0CVE-2007-2400
https://notcve.org/view.php?id=CVE-2007-2400
25 Jun 2007 — Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. Una condición de carrera en Apple Safari versiones 3 Beta anteriores a 3.0.2 en Mac OS X, Windows XP, Windows Vista, y iPhone versiones anteriores a 1.0.1, permite a atacantes remo... • http://docs.info.apple.com/article.html?artnum=306173 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 2%CPEs: 2EXPL: 0CVE-2007-2398
https://notcve.org/view.php?id=CVE-2007-2398
21 Jun 2007 — Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. El Apple Safari 3.0.1 beta (522.12.12) bajo Windows permite a atacantes remotos modificar el título de una ventana y la barra de direcciones mientras se rellena la ventana principal con contenido de s... • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html •