NASLDB: Mac OS X : Safari < 6.0 Multiple Vulnerabilities
General
ID: 60127
Name: Mac OS X : Safari < 6.0 Multiple Vulnerabilities
Summary: Check the Safari SourceVersion
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: 0
Family: MacOS X Local Security Checks
Type: Local
Description
The version of Safari installed on the remote Mac OS X host is
earlier than 6.0. It is, therefore, potentially affected by several
issues:
– An unspecified cross-site scripting issue exists.
(CVE-2012-0678)
– An error in the handling of ‘feed://’ URLs can allow
local files to be disclosed to remote servers.
(CVE-2012-0679)
– Password input elements are auto-completed even when
a webpage specifically forbids it. (CVE-2012-0680)
– A cross-site scripting issue exists due to improper
handling of the HTTP ‘Content-Disposition’ header
value of ‘attachment’. (CVE-2011-3426)
– Numerous issues exist in WebKit. (CVE-2011-2845,
CVE-2011-3016, CVE-2011-3021, CVE-2011-3027,
CVE-2011-3032, CVE-2011-3034, CVE-2011-3035,
CVE-2011-3036, CVE-2011-3037, CVE-2011-3038,
CVE-2011-3039, CVE-2011-3040, CVE-2011-3041,
CVE-2011-3042, CVE-2011-3043, CVE-2011-3044,
CVE-2011-3050, CVE-2011-3053, CVE-2011-3059,
CVE-2011-3060, CVE-2011-3064, CVE-2011-3067,
CVE-2011-3068, CVE-2011-3069, CVE-2011-3071,
CVE-2011-3073, CVE-2011-3074, CVE-2011-3075,
CVE-2011-3076, CVE-2011-3078, CVE-2011-3081,
CVE-2011-3086, CVE-2011-3089, CVE-2011-3090,
CVE-2011-3913, CVE-2011-3924, CVE-2011-3926,
CVE-2011-3958, CVE-2011-3966, CVE-2011-3968,
CVE-2011-3969, CVE-2011-3971, CVE-2012-0682,
CVE-2012-0683, CVE-2012-1520, CVE-2012-1521,
CVE-2012-2815, CVE-2012-3589, CVE-2012-3590,
CVE-2012-3591, CVE-2012-3592, CVE-2012-3593,
CVE-2012-3594, CVE-2012-3595, CVE-2012-3596,
CVE-2012-3597, CVE-2012-3599, CVE-2012-3600,
CVE-2012-3603, CVE-2012-3604, CVE-2012-3605,
CVE-2012-3608, CVE-2012-3609, CVE-2012-3610,
CVE-2012-3611, CVE-2012-3615, CVE-2012-3618,
CVE-2012-3620, CVE-2012-3625, CVE-2012-3626,
CVE-2012-3627, CVE-2012-3628, CVE-2012-3629,
CVE-2012-3630, CVE-2012-3631, CVE-2012-3633,
CVE-2012-3634, CVE-2012-3635, CVE-2012-3636,
CVE-2012-3637, CVE-2012-3638, CVE-2012-3639,
CVE-2012-3640, CVE-2012-3641, CVE-2012-3642,
CVE-2012-3644, CVE-2012-3645, CVE-2012-3646,
CVE-2012-3650, CVE-2012-3653, CVE-2012-3655,
CVE-2012-3656, CVE-2012-3661, CVE-2012-3663,
CVE-2012-3664, CVE-2012-3665, CVE-2012-3666,
CVE-2012-3667, CVE-2012-3668, CVE-2012-3669,
CVE-2012-3670, CVE-2012-3674, CVE-2012-3678,
CVE-2012-3679, CVE-2012-3680, CVE-2012-3681,
CVE-2012-3682, CVE-2012-3683, CVE-2012-3686,
CVE-2012-3689, CVE-2012-3690, CVE-2012-3691,
CVE-2012-3693, CVE-2012-3694, CVE-2012-3695,
CVE-2012-3696, CVE-2012-3697)
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2011-2845
OSVDB: –
Bugtraq: 54669
scipID: –
Timeline
Vulnerability Disclosure: 2012/07/25
Patch Release: 2012/07/25
Plugin Release: 2012/07/26
Plugin
Version: 1.4
Filename: macosx_Safari6_0.nasl
Filesize: 9100 bytes
MD5 Hash: 4201888f657f118ea02c43f6bbe244ac
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed"
Dependencies: "macosx_Safari31.nasl"
Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.