Wushi

**Name of the Vulnerable Software and Affected Versions** Safari version 5.0.6 **Description** The issue is caused by a buffer overflow in the WebKit component, allowing remote attackers to cause a denial of service or execute arbitrary code. **Recommendations** For Safari version 5.0.6, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict access to potentially vulnerable WebKit components until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.2 Safari versions prior to 9.1.1 tvOS versions prior to 9.2.1 **Description** The issue is related to the WebKit Canvas implementation, which allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. This can be achieved via a crafted web site. The vulnerability is caused by a buffer overflow in the WebKit Canvas component. **Recommendations** For Apple iOS versions prior to 9.3.2, update to version 9.3.2 or later. For Safari versions prior to 9.1.1, update to version 9.1.1 or later. For tvOS versions prior to 9.2.1, update to version 9.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple Safari (affected versions not specified) iOS (affected versions not specified) **Description** The issue is caused by a buffer overflow in the WebKit component. It may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted website. The vulnerability can be exploited through a remote code execution in Apple Safari, related to a use-after-free issue in the ArrayStorage DFG Optimization. **Recommendations** For Apple Safari, consider restricting access to potentially vulnerable websites until a patch is available. For iOS, as a temporary workaround, consider disabling the WebKit-related functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 7.1.2 Apple Safari versions prior to 6.1.5 and 7.x prior to 7.0.5 Apple TV versions prior to 6.1.2 Apple iTunes (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple iOS versions prior to 7.1.2, update to version 7.1.2 or later. For Apple Safari versions prior to 6.1.5, update to version 6.1.5 or later. For Apple Safari 7.x versions prior to 7.0.5, update to version 7.0.5 or later. For Apple TV versions prior to 6.1.2, update to version 6.1.2 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Apple iTunes.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.0.3 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. **Recommendations** For versions prior to 6.0.3, update to version 6.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.0 Apple iTunes (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple Safari versions prior to 6.0, update to version 6.0 or later. For Apple iTunes, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 11.0 Firefox ESR versions 10.x before 10.0.4 Thunderbird versions 5.0 through 11.0 Thunderbird ESR versions 10.x before 10.0.4 SeaMonkey version before 2.9 **Description** The issue is related to the cairo-dwrite implementation, which does not properly restrict font-rendering attempts when certain Windows Vista and Windows 7 configurations are used. This allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. **Recommendations** For Mozilla Firefox versions 4.x through 11.0, update to a version after 11.0. For Firefox ESR versions 10.x before 10.0.4, update to version 10.0.4 or later. For Thunderbird versions 5.0 through 11.0, update to a version after 11.0. For Thunderbird ESR versions 10.x before 10.0.4, update to version 10.0.4 or later. For SeaMonkey version before 2.9, update to version 2.9 or later.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 10.6 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 10.6, update to version 10.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 17.0.963.65 Apple iTunes (affected versions not specified) **Description** The issue is a use-after-free vulnerability that can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. This is achieved via vectors involving SVG use elements. **Recommendations** For Google Chrome versions prior to 17.0.963.65, update to version 17.0.963.65 or later to resolve the issue. For Apple iTunes, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 16.0.912.77 **Description** The issue is related to a use-after-free vulnerability in the handling of DOM, which could allow remote attackers to cause a denial of service or possibly have other unspecified impacts. **Recommendations** For versions prior to 16.0.912.77, update to version 16.0.912.77 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iTunes versions prior to 10.5 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 10.5, update to version 10.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 14.0.835.163 **Description** The issue is related to the improper handling of Cascading Style Sheets (CSS) token sequences, which can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. This is achieved via unknown vectors that lead to a "stale node." **Recommendations** For versions prior to 14.0.835.163, update to version 14.0.835.163 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple Safari versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.6 **Description** The issue allows remote attackers to bypass the Same Origin Policy and modify the rendering of text from arbitrary web sites via a Java applet that loads fonts. **Recommendations** For versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKit versions prior to 5.0.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. This is a different issue than other WebKit vulnerabilities. **Recommendations** For WebKit versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. This is a different issue than other vulnerabilities listed in APPLE-SA-2011-07-20-1. **Recommendations** For Apple Safari versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of WebKit-based features in Safari until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple Safari versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For Apple Safari versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKit versions prior to 5.0.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. This is a different issue than other WebKit vulnerabilities. **Recommendations** For WebKit versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted web sites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 10.2 on Windows **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 10.2 on Windows, update to version 10.2 or later to resolve the issue.