CyberSec.Space Logo
Back to CVE Browser

CVE-2010-1415

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile43.68th
PublishedJun 11, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."

Affected Platforms (CPE)

πŸ“¦
Apple

Safari

<= 4.0.5
πŸ“¦
Apple

Safari

= 4.0
πŸ“¦
Apple

Safari

= 4.0.0b
πŸ“¦
Apple

Safari

= 4.0.1
πŸ“¦
Apple

Safari

= 4.0.2
πŸ“¦
Apple

Safari

= 4.0.3
πŸ“¦
Apple

Safari

= 4.0.4
πŸ“¦
Apple

Webkit

All versions

References & Advisories

πŸ”— http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
πŸ”— http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
πŸ”— http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
πŸ”— http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
πŸ”— http://secunia.com/advisories/40105
πŸ”— http://secunia.com/advisories/40196
πŸ”— http://secunia.com/advisories/41856

Related Vulnerabilities

CVE-2004-053910.0

The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which cou...

CVE-2007-284310.0

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via J...

CVE-2004-009210.0

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...