Sign-up

ID

VAR-200803-0230


CVE

CVE-2008-1011


TITLE

Apple Safari of WebKit Vulnerable to cross-site scripting due to incomplete instance handling

Trust: 0.8

sources: JVNDB: JVNDB-2008-001197

DESCRIPTION

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame. Apple Safari is prone to 12 security vulnerabilities. Attackers may exploit these issues to execute arbitrary code, steal cookie-based authentication credentials, spoof secure websites, obtain sensitive information, and crash the affected application. Other attacks are also possible. These issues affect versions prior to Apple Safari 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista. NOTE: This BID is being retired. An attacker may leverage this issue to access frame methods in another domain. This may help the attacker steal potentially sensitive information and launch other attacks. NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default. If a user is tricked into visiting a malicious web page, sensitive information will be leaked. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 4 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. For more information: SA29393 SOLUTION: Apply updated packages via the yum utility ("yum update WebKit"). Note: Updated packages for midori and kazehakase have also been issued, which have been rebuilt against the new WebKit library. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA29393 VERIFY ADVISORY: http://secunia.com/advisories/29393/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: Safari 3.x http://secunia.com/product/17989/ Safari 2.x http://secunia.com/product/5289/ DESCRIPTION: Some vulnerabilities have been reported in Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to compromise a vulnerable system. 1) An error in the processing of "javascript:" URLs can be exploited to execute arbitrary HTML and script code in context of another site via a specially crafted web page. 2) An error exists the handling of web pages that have explicitly set the document.domain property. This can be exploited to conduct cross-site scripting attacks in sites that set the document.domain property or between HTTP and HTTPS sites with the same document.domain. 3) An error in Web Inspector can be exploited to inject script code that will run in other domains and can read the user's file system when a specially crafted page is inspected. 4) A security issue exists with the Kotoeri input method, which can result in exposing the password field on the display when reverse conversion is requested. 5) An error within the handling of the "window.open()" function can be used to change the security context of a web page to the caller's context. This can be exploited to execute arbitrary script code in the user's security context via a specially crafted web page. 6) The frame navigation policy is not enforced for Java applets. This can be exploited to conduct cross-site scripting attacks using java and to gain escalated privileges by enticing a user to open a specially crafted web page. 7) An unspecified error in the handling of the document.domain property can be exploited to conduct cross-site scripting attacks when a user visits a specially crafted web page. 8) An error exists in the handling of the history object. This can be exploited to inject javascript code that will run in the context of other frames. 9) A boundary error exists in the handling of javascript regular expressions, which can be exploited to cause a buffer overflow via a specially crafted web page. Successful exploitation allows execution of arbitrary code. 10) An error in WebKit allows method instances from one frame to be called in the context of another frame. This can be exploited to conduct cross-site scripting attacks. SOLUTION: Update to version 3.1. PROVIDED AND/OR DISCOVERED BY: 1) Robert Swiecki of Google Information Security Team 2, 3, 5, 6) Adam Barth and Collin Jackson of Stanford University 10) Eric Seidel of the WebKit Open Source Project, and Tavis Ormandy and Will Drewry of Google Security Team ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307563 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.43

sources: NVD: CVE-2008-1011 // JVNDB: JVNDB-2008-001197 // BID: 28290 // BID: 28342 // VULHUB: VHN-31136 // PACKETSTORM: 65784 // PACKETSTORM: 64736

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 2.2

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 2.2

vendor:applemodel:safariscope:eqversion:1.3

Trust: 2.2

vendor:applemodel:safariscope:eqversion:1.2

Trust: 2.2

vendor:applemodel:safariscope:eqversion:1.1

Trust: 2.2

vendor:applemodel:safariscope:eqversion:1.0

Trust: 2.2

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:0.9

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:0.8

Trust: 1.6

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:ltversion:version

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.5.2

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.4

Trust: 0.6

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.3

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:3.0.3

Trust: 0.6

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.2

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.6

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.1

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:3.0.1

Trust: 0.6

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.6

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:2

Trust: 0.6

vendor:applemodel:safari beta for windowsscope:eqversion:3

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:3

Trust: 0.6

vendor:applemodel:safariscope:eqversion:3

Trust: 0.6

vendor:applemodel:safariscope:neversion:3.1

Trust: 0.6

sources: BID: 28290 // BID: 28342 // JVNDB: JVNDB-2008-001197 // CNNVD: CNNVD-200803-308 // NVD: CVE-2008-1011

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1011
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-1011
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200803-308
value: MEDIUM

Trust: 0.6

VULHUB: VHN-31136
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-1011
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-31136
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-31136 // JVNDB: JVNDB-2008-001197 // CNNVD: CNNVD-200803-308 // NVD: CVE-2008-1011

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-31136 // JVNDB: JVNDB-2008-001197 // NVD: CVE-2008-1011

THREAT TYPE

network

Trust: 0.6

sources: BID: 28290 // BID: 28342

TYPE

xss

Trust: 0.8

sources: PACKETSTORM: 65784 // PACKETSTORM: 64736 // CNNVD: CNNVD-200803-308

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001197

PATCH
title:Safari 3.1url:http://support.apple.com/kb/HT1315
Trust: 0.8
title:Safari 3.1url:http://docs.info.apple.com/article.html?artnum=307563-ja
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001197

EXTERNAL IDS
db:BIDid:28342
Trust: 2.8
db:BIDid:28290
Trust: 2.8
db:NVDid:CVE-2008-1011
Trust: 2.8
db:SECTRACKid:1019653
Trust: 2.5
db:USCERTid:TA08-079A
Trust: 2.5
db:SECUNIAid:29924
Trust: 1.8
db:SECUNIAid:29393
Trust: 1.8
db:VUPENid:ADV-2008-0920
Trust: 1.7
db:USCERTid:SA08-079A
Trust: 0.8
db:JVNDBid:JVNDB-2008-001197
Trust: 0.8
db:CNNVDid:CNNVD-200803-308
Trust: 0.7
db:CERT/CCid:TA08-079A
Trust: 0.6
db:APPLEid:APPLE-SA-2008-03-18
Trust: 0.6
db:XFid:41320
Trust: 0.6
db:FEDORAid:FEDORA-2008-3229
Trust: 0.6
db:VULHUBid:VHN-31136
Trust: 0.1
db:PACKETSTORMid:65784
Trust: 0.1
db:PACKETSTORMid:64736
Trust: 0.1
sources:
            
            
            VULHUB: VHN-31136 // 
            
            
            
            BID: 28290 // 
            
            
            
            BID: 28342 // 
            
            
            
            JVNDB: JVNDB-2008-001197 // 
            
            
            
            PACKETSTORM: 65784 // 
            
            
            
            PACKETSTORM: 64736 // 
            
            
            
            CNNVD: CNNVD-200803-308 // 
            
            
            
            NVD: CVE-2008-1011

REFERENCES
url:http://www.securityfocus.com/bid/28290
Trust: 2.5
url:http://www.securityfocus.com/bid/28342
Trust: 2.5
url:http://www.us-cert.gov/cas/techalerts/ta08-079a.html
Trust: 2.5
url:http://www.securitytracker.com/id?1019653
Trust: 2.5
url:http://docs.info.apple.com/article.html?artnum=307563
Trust: 2.4
url:https://www.redhat.com/archives/fedora-package-announce/2008-april/msg00402.html
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2008/mar/msg00000.html
Trust: 1.7
url:http://secunia.com/advisories/29393
Trust: 1.7
url:http://secunia.com/advisories/29924
Trust: 1.7
url:http://www.frsirt.com/english/advisories/2008/0920/references
Trust: 1.4
url:http://www.vupen.com/english/advisories/2008/0920/references
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41320
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1011
Trust: 0.8
url:http://jvn.jp/cert/jvnta08-079a/index.html
Trust: 0.8
url:http://jvn.jp/tr/trta08-079a/index.html
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1011
Trust: 0.8
url:http://www.us-cert.gov/cas/alerts/sa08-079a.html
Trust: 0.8
url:http://www.apple.com/safari/
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/41320
Trust: 0.6
url:http://secunia.com/advisories/29393/
Trust: 0.2
url:http://secunia.com/secunia_security_advisories/
Trust: 0.2
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.2
url:http://secunia.com/about_secunia_advisories/
Trust: 0.2
url:https://www.redhat.com/archives/fedora-package-announce/2008-april/msg00401.html
Trust: 0.1
url:http://secunia.com/network_software_inspector_2/
Trust: 0.1
url:https://www.redhat.com/archives/fedora-package-announce/2008-april/msg00400.html
Trust: 0.1
url:http://secunia.com/advisories/29924/
Trust: 0.1
url:http://secunia.com/product/16769/
Trust: 0.1
url:https://psi.secunia.com/?page=changelog
Trust: 0.1
url:https://psi.secunia.com/
Trust: 0.1
url:http://secunia.com/product/5289/
Trust: 0.1
url:http://secunia.com/product/17989/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-31136 // 
            
            
            
            BID: 28290 // 
            
            
            
            BID: 28342 // 
            
            
            
            JVNDB: JVNDB-2008-001197 // 
            
            
            
            PACKETSTORM: 65784 // 
            
            
            
            PACKETSTORM: 64736 // 
            
            
            
            CNNVD: CNNVD-200803-308 // 
            
            
            
            NVD: CVE-2008-1011

CREDITS
Robert Swiecki robert@swiecki.netAdam BarthCollin Jackson collinj@cs.stanford.eduEric SeidelTavis Ormandy taviso@gentoo.orgWill Drewry wad@google.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200803-308

SOURCES
db:VULHUBid:VHN-31136
db:BIDid:28290
db:BIDid:28342
db:JVNDBid:JVNDB-2008-001197
db:PACKETSTORMid:65784
db:PACKETSTORMid:64736
db:CNNVDid:CNNVD-200803-308
db:NVDid:CVE-2008-1011

LAST UPDATE DATE
2025-04-10T20:09:10.085000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-31136date:2017-08-08T00:00:00
db:BIDid:28290date:2008-03-20T20:40:00
db:BIDid:28342date:2008-03-28T19:29:00
db:JVNDBid:JVNDB-2008-001197date:2008-04-04T00:00:00
db:CNNVDid:CNNVD-200803-308date:2008-10-11T00:00:00
db:NVDid:CVE-2008-1011date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-31136date:2008-03-19T00:00:00
db:BIDid:28290date:2008-03-18T00:00:00
db:BIDid:28342date:2008-03-18T00:00:00
db:JVNDBid:JVNDB-2008-001197date:2008-04-04T00:00:00
db:PACKETSTORMid:65784date:2008-04-28T14:37:56
db:PACKETSTORMid:64736date:2008-03-20T00:11:50
db:CNNVDid:CNNVD-200803-308date:2008-03-18T00:00:00
db:NVDid:CVE-2008-1011date:2008-03-19T00:44:00