CVE-2012-5851 – WebKit Cross-Site Scripting Filter - 'Cross-Site ScriptingAuditor.cpp' Security Bypass
https://notcve.org/view.php?id=CVE-2012-5851
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. html/parser/XSSAuditor.cpp en WebCore en WebKit, tal y como se utiliza en Google Chrome hasta v22 y Safari v5.1.7, no tiene en cuenta todos los contextos de salida posibles de los datos reflejados, lo que hace que sea más fácil para los atacantes remotos saltarse el mecanismo de protección ante ataques de ejecución de comandos en sitios cruzados (XSS) a través de una cadena hecha a mano. Se trata de un problema también conocido como "rdar problem 12019108". • https://www.exploit-db.com/exploits/38024 http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html https://bugs.webkit.org/show_bug.cgi?id=92692 https://exchange.xforce.ibmcloud.com/vulnerabilities/80072 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-3748 – (Mobile Pwn2Own) Apple Safari shiftCount/splice Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-3748
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. Una condición de carrera en WebKit de Apple iOS antes de v6.0.1 y Safari antes de v6.0.2 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de la aplicación) a través de vectores relacionados con las matrices en JavaScript. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array objects. When splicing a sparse array, the size of a sparse array is not properly validated. • https://www.exploit-db.com/exploits/28081 http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html http://archives.neohapsis.com/archives/bugtraq/2012-11/0013.html http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2012/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00003.html http://secunia.com/advisories/51445 http://support.apple.com/kb/HT5567 http://support.apple.co • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2012-3714
https://notcve.org/view.php?id=CVE-2012-3714
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. La característica Form Autofill en Apple Safari anteriores a v6.0.1 no restringen los campos rellenados al grupo de los campos que contiene el autorellenado, lo que permite a los atacantes remotos a obtener la tarjeta Me desde la Address Book a través de una sitio Web manipulado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html http://osvdb.org/85653 http://support.apple.com/kb/HT5502 http://www.securityfocus.com/bid/55625 https://exchange.xforce.ibmcloud.com/vulnerabilities/78681 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3713
https://notcve.org/view.php?id=CVE-2012-3713
Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document. Apple Safari anterior a v6.0.1 no maneja adecuadamente el atributo Quarantine de los documentos HTML, lo que permite a atacantes remotos asistidos por el usuario leer archivos de su elección aprovechando la presencia de un documento descargado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html http://osvdb.org/85652 http://support.apple.com/kb/HT5502 http://www.securityfocus.com/bid/55624 https://exchange.xforce.ibmcloud.com/vulnerabilities/78679 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3715
https://notcve.org/view.php?id=CVE-2012-3715
Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network. Apple Safari antes de v6.0.1 hace peticiones http para URIs https en determinadas circunstacionas relacionadas con un "pegado" en la barra de direcciones, lo que permite obtener información sensible a atacantes remotos con cierta ayuda de un usuario local capturando tráfico de red. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html http://osvdb.org/85655 http://support.apple.com/kb/HT5502 http://www.securityfocus.com/bid/55626 https://exchange.xforce.ibmcloud.com/vulnerabilities/78680 • CWE-310: Cryptographic Issues •