CyberSec.Space Logo
Back to CVE Browser

CVE-2008-2303

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile33.67th
PublishedJul 14, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.

Affected Platforms (CPE)

πŸ“¦
Apple

Safari

All versions

References & Advisories

πŸ”— http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
πŸ”— http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
πŸ”— http://secunia.com/advisories/31074
πŸ”— http://secunia.com/advisories/32706
πŸ”— http://support.apple.com/kb/HT3298
πŸ”— http://www.securityfocus.com/bid/30186
πŸ”— http://www.vupen.com/english/advisories/2008/2094/references
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/43736

Related Vulnerabilities

CVE-2004-053910.0

The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which cou...

CVE-2007-284310.0

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via J...

CVE-2004-009210.0

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

CVE-2009-013710.0

Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote at...