ID

VAR-201303-0122


CVE

CVE-2013-0961


TITLE

WebKit, as used in products such as Apple Safari before 6.0.3, vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2013-001847

DESCRIPTION

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960. WebKit is prone to an unspecified memory-corruption vulnerability. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.

APPLE-SA-2013-03-14-2 Safari 6.0.3

Safari 6.0.3 is now available and addresses the following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0960 : Apple
CVE-2013-0961 : wushi of team509 working with iDefense VCP

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of frame elements. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
Impact: Copying and pasting content on a malicious website may lead to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of content pasted from a different origin. This issue was addressed through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53

For OS X Lion systems Safari 6.0.3 is available via the Apple Software Update application. For OS X Mountain Lion systems Safari 6.0.3 is included with OS X v10.8.3.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

In certain contexts, an active network attacker could present untrusted certificates to iTunes and they would be accepted without warning.

Trust: 2.16

sources: NVD: CVE-2013-0961 // JVNDB: JVNDB-2013-001847 // BID: 58495 // VULHUB: VHN-60963 // PACKETSTORM: 120821 // PACKETSTORM: 121672

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 5.0

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 5.0.4

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 5.1.6

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 4.0.5

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 4.1.1

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 5.1.3

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 5.0.6

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 5.1

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 5.1.1

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 5.0.1

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 1.0.3

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.0.0b

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.3.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.0.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.0.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.0.3b

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.0.3

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.1.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.2.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.2.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.0.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.0.1b

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 6.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 4.0.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.0.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.2.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 6.0.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.1.0b

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.1.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.0.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.2.4

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.0.2b

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.0.0b1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 4.0.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.0.4

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 2.0.3

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 5.1.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 4.1.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.1.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.2.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 4.0.0b

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 2.0.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 4.0.3

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.1.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 5.1.4

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.2.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 4.0.4

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 4.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.3

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 2.0.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 4.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 5.0.5

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 5.1.7

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 2.0.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.0.0b2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.2.5

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.0.4b

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.2.3

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.3.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.1.1

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.2.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.3.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 5.0.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 5.1.5

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 2.0.4

Trust: 1.0

vendor: apple, model: safari, scope: lte, version: 6.0.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 2.0

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 3.0.2

Trust: 1.0

vendor: apple, model: itunes, scope: lt, version: 11.0.3 (windows)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 6.0.3

Trust: 0.8

vendor: webkit, model: open source project webkit, scope: eq, version: 1.2.5

Trust: 0.3

vendor: webkit, model: open source project webkit, scope: eq, version: 1.2.3

Trust: 0.3

vendor: webkit, model: open source project webkit, scope: eq, version: 1.2.2

Trust: 0.3

vendor: webkit, model: open source project webkit r82222, scope: -, version: -

Trust: 0.3

vendor: webkit, model: open source project webkit r77705, scope: -, version: -

Trust: 0.3

vendor: webkit, model: open source project webkit r52833, scope: -, version: -

Trust: 0.3

vendor: webkit, model: open source project webkit r52401, scope: -, version: -

Trust: 0.3

vendor: webkit, model: open source project webkit r51295, scope: -, version: -

Trust: 0.3

vendor: webkit, model: open source project webkit r38566, scope: -, version: -

Trust: 0.3

vendor: webkit, model: open source project webkit r105591, scope: -, version: -

Trust: 0.3

vendor: webkit, model: open source project webkit, scope: eq, version: 2

Trust: 0.3

vendor: webkit, model: open source project webkit, scope: eq, version: 1.2.x

Trust: 0.3

vendor: webkit, model: open source project webkit, scope: eq, version: 1.2.2-1

Trust: 0.3

vendor: webkit, model: open source project webkit, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.5.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 9.2.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 9.0.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 9.1

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.6

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.5

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.2.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10

Trust: 0.3

sources: BID: 58495 // JVNDB: JVNDB-2013-001847 // CNNVD: CNNVD-201303-304 // NVD: CVE-2013-0961

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0961
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-0961
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201303-304
value: MEDIUM

Trust: 0.6

VULHUB: VHN-60963
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-0961
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-60963
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-60963 // JVNDB: JVNDB-2013-001847 // CNNVD: CNNVD-201303-304 // NVD: CVE-2013-0961

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-0961

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-304

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201303-304

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001847

PATCH

title: APPLE-SA-2013-05-16-1, url: http://lists.apple.com/archives/security-announce/2013/May/msg00000.html

Trust: 0.8

title: APPLE-SA-2013-03-14-2, url: http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html

Trust: 0.8

title: HT5671, url: https://support.apple.com/kb/HT5671

Trust: 0.8

title: HT5766, url: http://support.apple.com/kb/HT5766

Trust: 0.8

title: HT5671, url: http://support.apple.com/kb/HT5671?viewlocale=ja_JP

Trust: 0.8

title: HT5766, url: http://support.apple.com/kb/HT5766?viewlocale=ja_JP

Trust: 0.8

title: Apple Safari Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186281

Trust: 0.6

sources: JVNDB: JVNDB-2013-001847 // CNNVD: CNNVD-201303-304

EXTERNAL IDS

db: NVD, id: CVE-2013-0961

Trust: 3.0

db: BID, id: 58495

Trust: 1.0

db: JVN, id: JVNVU95668478

Trust: 0.8

db: JVN, id: JVNVU92876220

Trust: 0.8

db: JVNDB, id: JVNDB-2013-001847

Trust: 0.8

db: CNNVD, id: CNNVD-201303-304

Trust: 0.7

db: SECUNIA, id: 52658

Trust: 0.6

db: APPLE, id: APPLE-SA-2013-03-14-2

Trust: 0.6

db: VULHUB, id: VHN-60963

Trust: 0.1

db: PACKETSTORM, id: 120821

Trust: 0.1

db: PACKETSTORM, id: 121672

Trust: 0.1

sources: VULHUB: VHN-60963 // BID: 58495 // JVNDB: JVNDB-2013-001847 // PACKETSTORM: 120821 // PACKETSTORM: 121672 // CNNVD: CNNVD-201303-304 // NVD: CVE-2013-0961

REFERENCES

url:http://lists.apple.com/archives/security-announce/2013/mar/msg00003.html

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0961

Trust: 0.8

url:http://jvn.jp/cert/jvnvu95668478/index.html

Trust: 0.8

url:http://jvn.jp/cert/jvnvu92876220/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0961

Trust: 0.8

url:http://secunia.com/advisories/52658

Trust: 0.6

url:http://www.securityfocus.com/bid/58495

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:http://www.webkit.org/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-0956

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0961

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0954

Trust: 0.2

url:http://support.apple.com/kb/ht1222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0960

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0955

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0948

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0959

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0952

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0958

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0949

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-2857

Trust: 0.2

url:http://gpgtools.org

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0950

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0951

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-2824

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0953

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-2889

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0962

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0997

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0912

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0996

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0879

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0992

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0995

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0993

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3748

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0991

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0994

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0998

Trust: 0.1

url:http://www.apple.com/itunes/download/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5112

Trust: 0.1

sources: VULHUB: VHN-60963 // BID: 58495 // JVNDB: JVNDB-2013-001847 // PACKETSTORM: 120821 // PACKETSTORM: 121672 // CNNVD: CNNVD-201303-304 // NVD: CVE-2013-0961

CREDITS

wushi of team509 working with iDefense VCP

Trust: 0.9

sources: BID: 58495 // CNNVD: CNNVD-201303-304

SOURCES

db: VULHUB, id: VHN-60963
db: BID, id: 58495
db: JVNDB, id: JVNDB-2013-001847
db: PACKETSTORM, id: 120821
db: PACKETSTORM, id: 121672
db: CNNVD, id: CNNVD-201303-304
db: NVD, id: CVE-2013-0961

LAST UPDATE DATE

2025-04-11T20:39:36.594000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-60963, date: 2013-03-18T00:00:00
db: BID, id: 58495, date: 2013-05-16T20:33:00
db: JVNDB, id: JVNDB-2013-001847, date: 2013-05-20T00:00:00
db: CNNVD, id: CNNVD-201303-304, date: 2022-03-21T00:00:00
db: NVD, id: CVE-2013-0961, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-60963, date: 2013-03-15T00:00:00
db: BID, id: 58495, date: 2013-03-14T00:00:00
db: JVNDB, id: JVNDB-2013-001847, date: 2013-03-19T00:00:00
db: PACKETSTORM, id: 120821, date: 2013-03-15T22:28:44
db: PACKETSTORM, id: 121672, date: 2013-05-17T13:33:33
db: CNNVD, id: CNNVD-201303-304, date: 2013-03-15T00:00:00
db: NVD, id: CVE-2013-0961, date: 2013-03-15T20:55:10.680