返回 CVE 浏览器

CVE-2010-1415

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.1200%

EPSS Percentile43.68th

Published2010年6月11日

Last Modified2026年4月29日

Vulnerability Description

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."

Affected Platforms (CPE)

📦

Apple

Safari

<= 4.0.5

📦

Apple

Safari

= 4.0

📦

Apple

Safari

= 4.0.0b

📦

Apple

Safari

= 4.0.1

📦

Apple

Safari

= 4.0.2

📦

Apple

Safari

= 4.0.3

📦

Apple

Safari

= 4.0.4

📦

Apple

Webkit

All versions

References & Advisories

🔗 http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

🔗 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

🔗 http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html

🔗 http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

🔗 http://secunia.com/advisories/40105

🔗 http://secunia.com/advisories/40196

🔗 http://secunia.com/advisories/41856

相关漏洞威胁

CVE-2004-053910.0

The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which cou...

CVE-2007-284310.0

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via J...

CVE-2004-009210.0

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...